McAfee: Hybrid apps will be hacker target

In its 2010 Threat Predictions Report, McAfee said that the advent of HTML 5 - a yet-to-be-ratified, enhanced version of the HTML language used to create web pages - is blurring the line between the internet and the desktop. New functionality in the language makes web apps act more like desktop computer software than ever before. The hacker community will be drawn to this phenomenon, McAfee predicted.

An example of a HTML 5-based application is Google Wave, which reinvents email, combining it with instant messaging-like functionality to create online conversations that can be embedded in other web pages. The anti-virus vendor singled out Google's Chrome OS as a technology that will complement the new language to draw interest from hacker groups.

Chrome OS, an open-source operating system that was released to developers in November, is designed for use on netbooks and other small footprint devices that rely almost exclusively on internet-based applications for their operation. The system is scheduled for end-user release later this year.

"Google Chrome OS is intended for use with netbooks, and HTML5 enables not only a rich internet experience, but also offline applications. Another motivation for attackers is HTML 5’s anticipated cross-platform support, which will allow attackers to eventually reach users of many mainstream browsers", McAfee continued.

The document also suggested that the hacker community may switch its emphasis from Microsoft to Adobe. "In 2010, we anticipate Adobe software, especially Acrobat Reader and Flash, will take the top spot", it said. Adobe has already seen several zero-day attacks from hacker groups targeting these two.

Other, perhaps more obvious, predictions from the report include more sophisticated hacker threats targeting social networking applications, as their user numbers increase, and cleverer banking trojans (it's generally a safe bet to assume that the hacker underground won't become dumber, and simpler, and neither will its products).
 

What’s hot on Infosecurity Magazine?