from the new-armor-with-new-holes dept.
Trailrunner7 writes "Every technology innovation has its coming out party, and Google Inc.'s recent 'dancing balls' logo experiment was widely interpreted as a high-impact debut for HTML5. But web security experts are warning that the sprawling new web standard may favor functionality over security, enabling a new generation of powerful web-based attacks. They agree that there are security enhancements in HTML5, but all expressed the same concern: that the new specification will greatly increase the 'attack surface' of HTML — providing more avenues by which malicious code can be delivered through the web. 'HTML5 has an enormous amount of functionality. The (specification) is just huge,' said Jeremiah Grossman of security firm WhiteHat. The breadth of the new specification gives him concern. 'I know that we're still finding vulnerabilities in HTML4,' Grossman said."
superglaze writes "Jon von Tetzchner, Opera's CEO, has claimed that the open standards in HTML 5 will make it unnecessary to deliver rich media content using the proprietary Flash. '"You can do most things with web standards today," von Tetzchner said. "In some ways, you may say you don't need Flash." Von Tetzchner added that his comments were not about "killing" Flash. "I like Adobe — they're a nice company," he said. "I think Flash will be around for a very, very long time, but I think it's natural that web standards also evolve to be richer. You can then choose whether you'd like [to deliver rich media content] through web standards or whether you'd like to use Flash."'"