Stories by Doug Camplejohn

Exploiting Web 2.0

Although Web 2.0 has enriched the internet with some great new capabilities, it has also brought some very unpleasant ones, namely a whole class of new security threats that can silently install when a user visits a compromised website. Web 2.0 gives the bad guys more "surface area" to exploit: more bandwidth, more communication channels (for example, IM, P2P), and more client-side executable options. To make matters worse, many users appear to have thrown caution to the wind when it comes to downloading untrusted content. Employees who would never download an email attachment from someone they didn't know will now add a widget to their MySpace page or play a potentially harmful YouTube clip without knowing where it came from.
It is also becoming more and more difficult to distinguish malicious from nonmalicious sites. Google recently published a paper based on research into the sites it crawls, which found that one in 10 websites contains a malicious payload. Most users would be hard-pressed to distinguish the malicious 10 percent from a random set of search results. Once inside the firewall, these covert applications can steal confidential data, infect other machines and launch spam or malicious attacks.

Written by Doug Camplejohn, 22 Sept. 07 22:00