Companies warned on Web 2.0 security threats

Research highlights dangers of the latest online technology

Written by Tom Young

Web 2.0 technologies present a number of areas for security concern, according to the latest Internet Security Threat Report by Symantec, released this week.

Web 2.0 is a term used to describe new web application technologies and sites such as blogs, wikis and social or professional networking. Web 2.0 tools allow for user-created content to be developed and implemented by groups of individuals, and are increasingly being used by companies for better staff collaboration and communication.

'Because individuals are able to create and host content on various collaboration platforms such as weblogs, the possibility exists for those platforms to host exploits and become distribution points for links to fraudulent web sites, malicious code, and other security threats, such as spyware,' says the report.

Attackers will often take advantage of the implied trust between the community of individuals and the sites hosting content to compromise users and/or web sites.

Additionally, Web 2.0 technologies rely heavily upon web services, tools that are designed to support interoperability between systems over a network.

Symantec expects to see an increase in the number of attacks taking advantage of the interconnected, interactive nature of Ajax software programming tools to increase the number of potential targets.

Ajax is a web development technique for creating interactive web applications.

'Because Ajax can be used in conjunction with a large number of web services and enables connectivity between them, this could present additional attack vectors into which attackers could inject hostile content,' says the report.

The potential also exists in Ajax for attackers to exploit the trust relationship inherent in the client-server model utilised in web applications by creating exploits hosted by malicious web services that steal poorly stored state or login information on PC clients.

One example of this is cross-site scripting, according to the report:

'Cross-site scripting attacks take place when web applications gather data from a user or other source and then create an output of that data on a user's web browser. Not only could this allow an attacker to steal confidential information, it could also allow an attacker to insert malicious code onto the host through malicious scripts,' it says.
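The output step the report describes, as an added example that is not from the article or the Symantec report: a hypothetical comment renderer that writes user-created content into a page, first unchanged and then HTML-encoded. The function names and the sample comment are constructed for illustration.

```javascript
// Added example; function names and the sample comment are constructed.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode the characters that let text be parsed as HTML markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": user-supplied data is written into the page unchanged, so any
// markup in it is parsed by the browser of every reader of the page.
function renderCommentUnsafe(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// "After": every user-supplied value is encoded at the point of output.
function renderCommentSafe(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Constructed sample: a comment whose body carries a script element.
const sampleComment = {
  author: 'guest',
  body: 'Nice post <script>/* constructed placeholder */</script>',
};

// Count element start tags the browser would parse in the rendered HTML.
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

const unsafeHtml = renderCommentUnsafe(sampleComment.author, sampleComment.body);
const safeHtml = renderCommentSafe(sampleComment.author, sampleComment.body);

// The unsafe rendering gains a tag the template never contained.
console.log(countTags(unsafeHtml), unsafeHtml);
console.log(countTags(safeHtml), safeHtml);
```

This encoding fits HTML element content and quoted attribute values; data placed in URLs, script blocks or style sheets needs the encoder for that context.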
