Good Read: Web 2.0 Security Dangers

I'm always looking for good articles describing real security issues on Web 2.0 sites. "Web 2.0: Communication, Collaboration -- and Danger" is a really good read. Good quotes below if you don’t have the time to read through the article.


Application layer technology can be expensive and hard to implement, however:
…finds it appalling that 97 percent of organizations are still using packet filters as their firewalls when the threat vector switched five years ago to the application layer. "So essentially everybody is out there today living in the Web 2.0 world using Web 1.0 risk mitigation,

Better protect your content!
virtually everyone out there is simply turning on RSS feeds into their browser to get news in real time, we'll say, yet nobody's considering the consequence of ActiveX or JavaScript being injected into the RSS feed.


Hopefully products that address these issues are inexpensive and easy to implement:
...products that address this issue and provide security with real-time scanning or real-time content inspection. The technology can inspect the code in the wire just before it is about to appear in a browser


Here's a real world example. Read the full article to see more.

When the Trojan is trying to get its command, let's say at midnight, it will connect to a blog service that no one has blocked because it is popular. If this Trojan collected data, it now needs to send it back out to the attacker, and it doesn't need to communicate with the attacker directly. It can be posted as content on the Web 2.0 site -- in my MySpace profile or in a blog -- and the hacker will connect to the blog, grab the data and then delete that from the blog. So Web 2.0 becomes a hosting platform that the hacker can use to either send commands to the Trojan or get the content out,"


About Isaac Sacolick

Isaac Sacolick is President of StarCIO, a technology leadership company that guides organizations on building digital transformation core competencies. He is the author of Digital Trailblazer and the Amazon bestseller Driving Digital and speaks about agile planning, devops, data science, product management, and other digital transformation best practices. Sacolick is a recognized top social CIO, a digital transformation influencer, and has over 900 articles published at InfoWorld, CIO.com, his blog Social, Agile, and Transformation, and other sites. You can find him sharing new insights @NYIke on Twitter, his Driving Digital Standup YouTube channel, or during the Coffee with Digital Trailblazers.