Companies warned on Web 2.0 security threats

Research highlights dangers of the latest online technology

Written by Tom Young

Web 2.0 technologies present a number of areas for security concern, according to the latest Internet Security Threat Report by Symantec, released this week.

Web 2.0 is a term used to describe new web application technologies and sites such as blogs, wikis and social or professional networking. Web 2.0 tools allow for user-created content to be developed and implemented by groups of individuals, and are increasingly being used by companies for better staff collaboration and communication.

'Because individuals are able to create and host content on various collaboration platforms such as weblogs, the possibility exists for those platforms to host exploits and become distribution points for links to fraudulent web sites, malicious code, and other security threats, such as spyware,' says the report.

Attackers will often take advantage of the implied trust between the community of individuals and the sites hosting content to compromise users and/or web sites.

Additionally, Web 2.0 technologies rely heavily upon web services, tools that are designed to support interoperability between systems over a network.

Symantec expects to see an increase in the number of attacks taking advantage of the interconnected, interactive nature of Ajax software programming tools to increase the number of potential targets.

Ajax is a web development technique for creating interactive web applications.

'Because Ajax can be used in conjunction with a large number of web services and enables connectivity between them, this could present additional attack vectors into which attackers could inject hostile content,' says the report.

The potential also exists in Ajax for attackers to exploit the trust relationship inherent in the client-server model utilised in web applications by creating exploits hosted by malicious web services that steal poorly stored state or login information on PC clients.

One example of this is cross-site scripting, according to the report:

'Cross-site scripting attacks take place when web applications gather data from a user or other source and then create an output of that data on a user's web browser. Not only could this allow an attacker to steal confidential information, it could also allow an attacker to insert malicious code onto the host through malicious scripts,' it says.
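The pattern the report describes, user-supplied data written back into a page, is shown below next to a hardened form. This is an added example, not code from the article or from Symantec's report; the function names and the sample comment are hypothetical and constructed for illustration.

```javascript
// Added example: rendering user-created content (such as a blog comment).
// All names are hypothetical; the sample input is constructed.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text for an HTML body or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow only absolute http(s) links; other schemes (javascript:, data:, ...)
// and relative or malformed values are rejected.
function safeHref(raw) {
  let url;
  try {
    url = new URL(String(raw).trim());
  } catch {
    return null;
  }
  return (url.protocol === 'http:' || url.protocol === 'https:') ? url.href : null;
}

// Unsafe: user data is concatenated straight into markup, so any tags or
// script-bearing link it carries become part of the page.
function renderCommentUnsafe(c) {
  return `<div class="comment"><a href="${c.link}">${c.author}</a>: ${c.body}</div>`;
}

// Hardened: each user-controlled field is encoded for the context it lands in,
// and the link is dropped unless it passes the scheme allow-list.
function renderComment(c) {
  const href = safeHref(c.link);
  const author = escapeHtml(c.author);
  const name = href
    ? `<a href="${escapeHtml(href)}" rel="nofollow noopener">${author}</a>`
    : author;
  return `<div class="comment">${name}: ${escapeHtml(c.body)}</div>`;
}

// Constructed sample comment carrying script in two fields.
const sample = {
  author: 'mallory',
  link: 'javascript:alert(1)',
  body: '<script>alert(1)</script>',
};
```

Output encoding of this kind covers HTML body and quoted-attribute contexts only; data placed inside inline script or style blocks needs its own encoding.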
