02 Aug 2011
Many potential security issues with HTML5, European agency finds
The European Network and Information Security Agency recently identified 50 computer security vulnerabilities in proposed new HTML standards and issued a report on the threats to the World Wide Web Consortium, the group implementing the new standards.
The web consortium is currently working on revisions to HTML4, the standards for internet coding that have been in place since 1999. At the invitation of WWWC, ENISA reviewed 13 new specifications proposed for HTML5. In reporting its findings, ENISA stressed how critical it is to ensure HTML5 is as secure as possible, because the standards will impact all the activities undertaken via web browsers, including banking and managing national infrastructure systems.
ENISA found issues in the proposed standards that could potentially give cyber criminals new ways to access sensitive user information. For example, new form submission standards could allow a hacker to manipulate the HTML code on a browser page to create a fake "submit" button on a form that would send the form to a malicious third party rather than the intended recipient.
The WWWC said they welcomed ENISA's suggestions for security fixes.
In June, the European Union set up a Computer Emergency Response Team to prevent and respond to cyber attacks against EU institutions.