On HTML Insecurities…

March 17, 2010 by ADMIN

Share |

From Comet

Way back when, the first webserver was created, serving HTML documents.

HTML was designed to show documents with hypertext links, and also to allow the documents to have semantic markup that would be displayed to the reader.

HTML version 1 included a HEAD and BODY section. The HEAD section contains information about the document, such as the TITLE. The BODY section contained the text, markup for the text (e.g. H1 headers, LI lists, STRONG emphasis), hyperlinks to other documents, and embedded images.

Web pages were perceived by the web browser as static entities; no scripting or even direct inclusions of other HTML documents (i.e. no EMBED or FRAMES). Such documents posed little security threat, as they did not contain interpreted code or third-party documents (apart from images).

Although it is straightforward to use secure coding practices to ensure that the browser will not be vulnerable to being exploited from viewing a web page, there have been a number of vulnerabilities that have continued to affect even modern browsers, in the area of image display…

Continued: https://www.infosecisland.com/blogview/3303-HTML-insecurities.html

All content from Information-Security-Resources.com will begin migrating to the Infosec Island Network:

We are pleased to announce that Infosec Island™ has acquired www.information-security-resources.com, one of the leading online news portals addressing security issues.

The two infosec communities will continue to be operated separately while ISR’s content is gradually migrated to the Infosec Island framework by mid-year.

Don’t miss out on your opportunity to win one of over $10k in service prizes in the Infosec Island Q1 Membership Drive!

Only completed profiles are automatically entered into the drawing. Registration is quick - it takes less than five minutes to complete.

Prizes include:

• The Grand Prize is a FREE core server license, including maintenance, of the Grid Data Security’s Enhanced Authentication Solution from SyferLock™. This prize has a value of up to $10,000.

• Second Prize – The member winning second prize will receive two myKryptofon security software products from I.D. Rank Security, valued at $690.

• Third Prize – Two third prize winners will receive an EncryptStick™ software application download from Onix International Inc.

Register now and win! https://www.infosecisland.com/

We are also seeking active security bloggers and forum moderators - a great way to increase your exposure and generate more business opportunities for your company.

Contact Anthony through your Island email account, or directly at afreed@WireHeadSecurity.com for more details!

Infosec Island is committed to serving the needs of SMBs and mid-market enterprises across many industries, as well as nonprofits, government agencies and educational organizations and the infosec community at large.

Copyright © 2009 - 2010 WireHead Security, LLC. All rights reserved.

* * *

Stay Informed With ISR News Alerts:

* * *

Follow us on Twitter

These icons link to social bookmarking sites where readers can share and discover new web pages.

Share |

Filed under: Cloud computing, D&O Liability, Financial, Government, Infosec Island Network, Insider Threat, Internet Security Alliance, Military, PCI, Sarbanes-Oxley, due diligence, hackers, healthcare, identity-theft, malware, national security, privacy, reach, virtualization

Tags: (ISC)2, access, Anthony M. Freed, Breach, breaches, bypass, CFO, CGEIT, CIO, CIPP, CISA, CISM, CISSP, computer, confidential, consumer product liability, control, Costs, CPA, CSI, cyber offensive, cyber security, cyber-crime, cyberattack, cybersecurity, D and O liability, Data, DDoS, DHS NCD, diplomacy, DISA, DOD, DRI, due diligence, Economy, electronic database, espionage, Finance, Financial, Financial Identity, Financial InfoSec, governance, hackers, homeland Security, IAP, ID, identity thief, IIA, infiltrate, Infoduciary, Information, Information Fiduciary, Information-Security-Resources.com, InfoSec, Infosec Island Network, InfosecIsland.com, infrastructure, Insider Threat, interview, IP address, IPS, ISACA, ISR, ISSA, kinetic attacks, law, legal, liability, login, markets, meltdown, misuse, national security, News, outsourcing, paperless, password, phishing, policy, privacy rights, regulations, regulatory, risk, sabotage, Security, shareholder derivative, spyware, SQL, System, systems, theft, third party, valuation, vendors, white-hat, zero day attack

Comments

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

Categories
- Anthony M. Freed (27)
- Bill Brenner (2)
- Bob Violino (1)
- Bozidar Spirovski (23)
- Breach (540)
- Britt Womelsdorf (5)
- By Dr. InfoSec (2)
- Cara Garretson (7)
- CCCNews (1)
- Chorey Taylor & Feil (8)
- Christophe Veltsos (2)
- Christopher Burgess (7)
- CIOZone (26)
- Class Action Lawsuit (111)
- Cloud computing (425)
- Coby Royer (5)
- CTO Forum (9)
- D&O Liability (913)
- Daniel Wallace (5)
- Danny Lieberman (11)
- DataLine (10)
- David Alexander (2)
- Derek Crawford (1)
- Doug Pollack (7)
- due diligence (622)
- Fame Foundry (1)
- FEATURE ARTICLE (428)
- Financial (899)
- Fred Leland (7)
- Gene Kim (3)
- Government (685)
- Greg George (5)
- H1N1 (15)
- hackers (851)
- healthcare (446)
- Heather Bourgoin (1)
- HomeATM (8)
- identity-theft (847)
- IDExperts (17)
- Ike Z. Devji (1)
- Infosec Island Network (350)
- Insider Threat (802)
- Internet Crime Complaint Center (1)
- Internet Security Alliance (383)
- ISR News (321)
- Jacqueline Herships (2)
- Jenni Hesterman (3)
- John M. Salomon (2)
- John Watkins (7)
- John-Patrick Skaar (2)
- Kaliber Data Security and Compliance Consultants (3)
- Kat Sanders (2)
- Ken Leeser (3)
- Kevin L. Jackson (10)
- Kevin M. Nixon (21)
- Larry Ketchersid (1)
- Laton McCartney (7)
- Lauren Taylor (1)
- Linda McGlasson (1)
- malware (813)
- Mark Smail (1)
- Mark Wright (1)
- Mel Duvall (3)
- Michael Eggebrecht (3)
- Michael Lohr (1)
- Michael O'Conner (4)
- MicroSolved (1)
- Mike Duncan (3)
- Mike Meikle (4)
- Mike Spinney (1)
- Military (523)
- national security (765)
- PCI (620)
- PCI Security Standards Council (32)
- Physical Security (11)
- privacy (864)
- Rachel James (10)
- reach (323)
- Rebecca Herold (16)
- Richard Stiennon (44)
- Robert Siciliano (34)
- Sarbanes-Oxley (814)
- ScamStop (2)
- Sean Wilkins (2)
- Semyon Dukach (1)
- Simon Heron (14)
- Software Associates (11)
- Steven Fox (19)
- SUPERAntiSpyware (3)
- Sybase (6)
- Symplified (5)
- The Jester (8)
- The Privacy Professor (16)
- Thomas R. Fox (8)
- Tom Groenfeldt (2)
- Tom McLain (2)
- Trefis (14)
- Tripwire (18)
- Uncategorized (796)
- virtualization (413)
- Webcast (49)

Copyright © 2008 To Present · Information-Security-Resources.com (Permissions and Disclaimers) You are welcome to use, for any lawful purpose, the information that WE write and post to this site, provided that you link to and attribute Information-Security-Resources.com and the author(s). Any 3rd-party material linked to or referenced on this site is subject to the rights of the owners of that material.

We provide business consulting services. We do NOT provide legal or financial advice. There is no attorney / client relationship, or any privilege associated with our services. Nothing expressed on this site, or in association with our services, should be taken as legal counsel or financial advice. The opinions expressed on this site are the personal opinions of the writer(s), not those of any other individuals or organizations.

Theme: Copyright © 2008 · Revolution Code Blue designed by Brian Gardner

Information-security-resources.com is part of the Infosec Island network.