Security expert warns of web services threat

Companies must do more to protect web systems or business will suffer

Web services will flounder unless the web is made more secure, a leading security expert has warned.

Ahead of his keynote speech at the World Wide Web conference in Edinburgh this week, Phillip Hallam-Baker, principal scientist at security specialist VeriSign, told IT Week that internet crime is the biggest challenge facing the web community now that criminals are selling stolen credentials, custom-written viruses and other illegal services online.

"I've spent a lot of time on web services and if security is not built into them they'll be dead on arrival," Hallam-Baker warned. "If you don't secure the systems people are already using, corporations won't expose their entire supply chain [by using web services across organisational boundaries] in an environment rife with crime."

To encourage consumer and corporate trust in the internet, Hallam-Baker called for more effort to boost the web's authentication and accountability infrastructure, starting with stronger SSL Certificates allowing certification authority and merchant logos to be displayed in the browser bar.

"Eventually we will have to have branded [communications] where every message [including] emails, instant messages and VoIP [traffic] has to be consistently authenticated and branded," Hallam-Baker said. "The web experience needs to have as consistent a logo as the real world."

Hallam-Baker also called for greater efforts to identify and prevent networks of compromised computers, known as bot-nets, from being used in denial-of-service and other attacks, to stop the spread of malware infections, "from a public health point of view".

"I think we're going to win [the battle to secure the internet]," he said. " But if we don't fix it soon future uses [of the web] will be put on hold. We need to bring down net crime in the old web before we convince people [to invest in new web technologies]."