Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Rise Of HTML5 Brings With It Security Risks

HTML5 is the new "it" protocol on the Internet. Among other things, it is an alternative to Adobe's Flash for displaying content through a Web browser. No less an industry authority than the late Steve Jobs declared in 2010 that browsers on Apple devices such as the iPad would support HTML5 and not Flash. But as HTML5 gains wider adoption, some of its security flaws are beginning to get noticed, including the WebSocket specification that renders Web pages more quickly than does Flash.

"Anything new comes with some new security concerns," says Joe Bulman, systems architect for Wedge Networks, a network security company specializing in what it calls "deep content inspection" of traffic on Web networks.

HTML5 security issues have drawn the attention of the European Network and Information Security Agency (ENISA), which studied 13 HTML5 specifications, defined by the World Wide Web Consortium (W3C), and identified 51 security threats.

A recent alert from security vendor Sophos stated HTML5 provides far more access to the computer's resources than its predecessor, offering capabilities like location awareness, local data storage, graphics rendering and system information queries that are built in and quite powerful. However, the alert cautions that while the enhancements are great, "they radically change the attack model for the browser. We always hope new technologies can close old avenues of attack. Unfortunately, they can also present new opportunities for cybercriminals."

Bulman identified four main concerns. First is the problem of cross-origin resource sharing (CORS), in which a Web server can allow its resources to be accessed by a Web page from a different domain. While useful in aggregating content from several sites, he says, there is a risk that some content may be shared that shouldn't be. Second is the problem of click-jacking, in which malicious code is surreptitiously placed on a Web page image behind a digital mask that makes an item appear to be safe and invites the user to click on it. Third, HTML5 has unique geolocation and privacy issues that need to be addressed, although he adds that HTML5 standards bodies as well as browser vendors are addressing them.

In fact, to its credit, the HTML5 community is responsive and "transparent" in how it operates, he says. Also, HTML5 applications have more restricted access to system resources than with Flash, while HTML5 protocol updates are delivered through browser updates so they're more likely to be applied. All the major browser vendors are working on HTML5 security issues, and the HTML5 community enjoys the support of the Internet's biggest brands, including Facebook, Google, PayPal and Bing. This means that use of HTML5 should be on a strong growth curve.


Page:  1 | 2  | Next Page »


Related Reading


More Insights


Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

Next Gen Network Reports

Research and Reports

Network Computing: April 2013



TechWeb Careers