Companies warned on Web 2.0 security threats

Research highlights dangers of the latest online technology

Written by Tom Young

Computing, 26 Sep 2006

Web 2.0 technologies present a number of areas for security concern, according to the latest Internet Security Threat Report by Symantec, released this week.

Web 2.0 is a term used to describe new web application technologies and sites such as blogs, wikis and social or professional networking. Web 2.0 tools allow for user-created content to be developed and implemented by groups of individuals, and are increasingly being used by companies for better staff collaboration and communication.

'Because individuals are able to create and host content on various collaboration platforms such as weblogs, the possibility exists for those platforms to host exploits and become distribution points for links to fradulent web sites, malicious code, and other security threats, such as spyware,' says the report.

Attackers will often take advantage of the implied trust between the community of individuals and the sites hosting content to compromise users and/or web sites.

Additionally Web 2.0 technologies rely heavily upon web services, tools that are designed to support interoperability between systems over a network.

Symantec expects to see an increase in the number of attacks taking advantage of the interconnected, interactive nature of Ajax software programming tools to increase the number of potential targets.

Ajax is a web development technique for creating interactive web applications.

'Because Ajax can be used in conjunction with a large number of web services and enables connectivity between them, this could present additional attack vectors into which attackers could inject hostile content,' says the report.

The potential also exists in Ajax for attackers to exploit the trust relationshoip inherent in the client-server model utilised in web applications by creating exploits hosted by malicious web services that steal poorly stored state or login information on PC clients.

One example of this is cross-site scripting, according to the report:

'Cross-site scripting attacks take place when web applications gather data from a user or other source and then create an output of that data on a user's web browser. Not only could this allow an attacker to steal confidential information, it could also allow an attacker to insert malicious code onto the host through malicious scripts,' it says.

What do you think? Email us at feedback@computing.co.uk

Further Reading:

Viral email traffic falls but threat remains

Security threat shifts to the desktop

Security - Special report

reader comments

related articles

 
Internet

Google puts the shine back into Chrome

Security update fixes browser issue 24 Apr 2009

Internet

Massive UK and US botnet uncovered

Finjan finds Ukraine-controlled network of nearly two million compromised PCs 22 Apr 2009

Internet

Microsoft releases Internet Explorer 8

Latest version of the web browser finally available to download 19 Mar 2009

related whitepapers

today's top stories

Ecommerce

What does Windows 7 mean for Microsoft?

With the sting of Vista still fresh, Redmond has to make next Windows work 10 Jul 2009

Management

A smarter way to use BI

Getting the most from business intelligence systems requires not only careful management on the part of IT leaders, but also the committed involvement of decision-makers across the organisation 08 Jul 2009

Mainstream Matters

The truth behind the Google/Microsoft/NHS rumours

Before Monday 6 July, did you know that Google and Microsoft had services for storing health records? Thanks to an article in... 10 Jul 2009

Management

Quenching a thirst for IT modernisation

A substantial restructure at soft drink supplier Nichols -­ purveyor of Vimto - ­led the company to update its software to Sage 1000 to replace its in-house application. This resulted in the streamlining of the IT department and an opportunity to customise the system 08 Jul 2009

Management

How Satyam cleaned up its act

Chief executive CP Gurnani tells Angelica Mari why Tech Mahindra opted to keep the Satyam brand after it bought the scandal-hit services firm, and explains what the deal means for existing and prospective customers 09 Jul 2009

> More news

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

More available - click 'submit' to view

Existing User

Newsletter user login:

Advertisement

Jobs

Related jobs

Job of the week

> More IT vacancies

Job alerts

  • Latest jobs to your inbox
Sign up here

Find your next job

IT Salary Checker

  • Are you being paid what you are worth?
Check salary here

Advertisement

White papers

Search white papers

Top categories

VPN, Extranet and Intranet Solutions

WAN/ LAN Solutions

Network Security

Interoperability-Connectivity

Grid/ Utility Computing

Latest poll

Will Google Chrome OS be a genuine alternative to Windows?

Will Google Chrome OS be a genuine alternative to Windows?

Tell us your views on the new operating system rivalry

View poll results

> More polls

Latest audio and video articles

network cablesVideo

How to maximise the value of your IT networking investment

A panel of experts discuss networking strategies that deliver real value to business 03 Jul 2009

green footprintsVideo

How to manage enterprise energy use - and the role IT can play

A panel of experts explore how firms can get to grips with their carbon footprint and make smarter use of energy 01 Jul 2009

> More audio and video

Latest in-depth articles

Google ChromeAnalysis

Lack of enterprise appeal takes shine off Chrome OS

Enterprise buyers unlikely to ditch Windows for Chrome OS in the near term, say experts 09 Jul 2009

Satyam CEO CP GurnaniNews

How Satyam cleaned up its act

Chief executive CP Gurnani tells Angelica Mari why Tech Mahindra opted to keep the Satyam brand after it bought the scandal-hit services firm, and explains what the deal means for existing and prospective customers 09 Jul 2009

> More in depth articles

Advertisement

Primary Navigation