All Channels
Popular
260°

Browser Beware

Next-generation Web apps could spark new hacking attacks on browsers.

Consumers use rich Internet technologies such as Google Gears to download videos and images from the Internet. Hackers can use these applications for a different purpose: to steal data through Web browsers.

gololo6544d ago

this has nothing to run windows...so don't blurt out stupid things. the problem is local data storage, Google Gears and HTML5 spec (and Safari 3.0) have an API for an SQLite local database, which opens up possibilities to make web apps faster and more efficient. However, the article is right, devs have to be careful how they use this APIs since there could be open doors for hackers to check the data in this client side databases. Now, I think people should stick to best practices, if devs are storing sensitive information (credit card, passwords) in the local db, then yeah, its pretty stupid. Then again, I've seen a good amount of websites with user ids and passwords embedded in the query string of URLs...so yeah devs to be more educated about security in web apps in general.

AuToFiRE6544d ago

actually it is windows fault, with IE it is integrated into the OS itself, and i mean very deep, it is used to search the computer, and copy and delete files, etc, its not the APIs, its the browser and the OS, im to lazy to explain the rest, i will come back and explain it later

gololo6543d ago

Dude...it is the APIs, are you familiar with HTML5 spec and Google Gears? They basically are adding a bunch of features that extend EVERY browser's capabilities. For instance, Google Gears offer a pool of threads for Javascript, which is awesome since you can keep threads to execute UI/Logic separate. Another feature, and this is where experts see the BIG security risk is CLIENT SIDE DATABASE. Google Gears provide this in form SQLite (and there are well known exploits for this DB engine). HTML5 SPEC (currently NO BROWSER has implemented HTML5 spec fully) calls for a client side database, Safari (since they are part of the WHATWG which is trying to outdo the W3C for the HTML5 spec) it has been the first browser that implement the client side database storage (with the help of Webkit). So what is the big deal with client side DB, having this DB can be compared to use cookies, you can store anything in this client side DBs. So the big risk is careless devs that will start abusing this client side DB, or just plainly use it just because it's the latest technology so they want to be cool. Therefore, if I use the client side storage wisely (i.e. not storing name, credit card info, passwords, personal/sensitive info) it should be fine. Finally to wrap this up, and you might be confused is that, Google Gears and HTML5 ARE PLATFORM INDEPENDENT since these features are meant to extend and make the browser as powerful as it can be. So...that means that even as I type in my linux box, I could still be vulnerable if I'm running a Gears or a HTML5 DB and I visit a site that makes use of this in a careless manner.

gololo6543d ago

not to be alarmed....read on the open zone...

70°

Microsoft Gaming Revenue Drops 7% Year-on-Year, Content and Services Down 5%, Xbox Hardware Down 33%

Microsoft announced its financial results for Q3 of fiscal year 2026, including an update on its gaming Xbox business and more.

Read Full Story >>
simulationdaily.com
Jin_Sakai73d ago (Edited 73d ago )

Not looking good. Hopefully Asha Sharma is able to turn Phil’s disaster around.

dveio72d ago

To me it's still quite remarkable how they can cash-in 5.3bn in revenue in a single quarter, since their hardware is basically dead.

Jingsing72d ago

The stock mark is what makes Microsoft remarkable, They have convinced every institutional and retail investor to just keep piling money into them. Like many big tech giants they are just a big growing pyramid scheme. As long as people keep dropping money into ETF's that cover the market Microsoft will always be liquid. At the same time it is completely stifling innovation and competition. People need to start being more discreet in how they invest their money as it's killing the system.

Tanktopmaster9272d ago

Once they re-evaluate exclusive all will be fine….

S2Killinit72d ago

Riiiiight because people will just flock back to them for one or two games per year.

Jingsing72d ago

15+ years of bad performance is what they call irreparable in business. It is time for them to sell off the assets and get out of entertainment.

Tanktopmaster9272d ago

These declines are on the back of extra revenue received from releasing games like Forza horizon 5 on PlayStation. So I’m being sarcastic here when I said they should go back to exclusives. Killing off a revenue stream from Ps5 sales will only make things worse

Show all comments (13)
50°

Report: Injustice 3 in Development at NetherRealm Studios

Thanks to the slip-up of an artist working on the title, we now have more evidence that a new Injustice game is in the works.

50°

Spiders Studio, Developers of GreedFall: The Dying World, Announce Liquidation of the Company

Spiders: "We're going to cut straight to the chase so you're not left wondering: After a long period without clear answers, we have received confirmation that Spiders is being liquidated.

What does it mean? This means the company as a whole no longer exists. We'll cease our functions immediately. The planned DLC will release via Nacon, and then-- well, that's it.

We're sorry that it's come to this and would like to thank each and every one of you for your support over the years.

If you have any questions or run into issues with your games, please contact Nacon directly as we'll no longer be able to reply."