Security researcher Michael Sutton warns that the types of offline storage specified in the HTML5 standards offer criminals new ways to attack users’ systems.
Some applications that run entirely over the Web place a small relational database on user systems. Those databases allow people to use the apps offline, but they could also be a vector for attack.
“As sites start to adopt Google Gears and HTML 5, this whole concept of stealing data from client-side relational databases will become a much, much bigger issue,” said Sutton. “In my opinion [they are] a lot easier to attack.”