HTML5 Tricks Hijack Browsers To Crack Passwords, Spew Spam – Andy Greenberg – The Firewall – Forbes

HTML5 Tricks Hijack Browsers To Crack Passwords, Spew Spam – Andy Greenberg – The Firewall – Forbes.

As usual, new technology spawns new threats. HTML5 will be no different.

HTML5 allows a website to run javascript processes that request data from another site, and to launch invisible scripts “in the background” on a user’s machine for long periods of time, says Kuppan. “With HTML4, after twenty seconds the browser would freeze,” he says.

And this:

Once the hacker has control of a user’s browser, it can be used to do all the same sorts of unpleasant things that botnets of malware-hijacked computers generally do: By repeatedly requesting data from another site–Kuppan says javascript can make around 10,000 requests a minute–it can overwhelm a target’s server and knock it offline. Or by creating and filling the sort of entry field typically used on corporate websites for leaving feedback, it can send mass emails to a list of addresses.

And this:

To keep users on a page longer while his scripts run, Kuppan suggests a trick that involves a clever form of “clickjacking.” Using javascript, an invisible link can be inserted wherever a user clicks on a page to open another tab with the desired destination. Since most users leave unused tabs unattended, a script can run on the original tab, potentially for hours, without the user’s knowledge.

We will need a tool which gives users better visibility into what’s going on their workstations and the ability to either automatically take actions against anomalous behavior or give users options to take actions.

About Cymbel

Specialists in information security. Helping organizations secure their networks and mitigate the risks of modern threats.

Speak Your Mind

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.