Wednesday, April 02, 2008

Web 2.0 Security Hangover

From the "I-Told-You-So" Dept:

Brian Prince writes on eWeek:

Web 2.0 applications have certainly made the user experience more interactive, but organizations need to be mindful of their impact on Web site security.

Certainly, there are a number of reasons Web sites become an attractive target for hackers; sometimes sites are built prior to an attack being known about, or the developers were in a hurry. Still, some researchers say the Web 2.0 rush has had an impact on security as well, opening up new possibilities for attackers.

"The Web used to be a very static delivery method," said Mary Landesman, senior security researcher at ScanSafe. "All we could do is go to a site and read it. We couldn't interact with it."

But in today's dynamic Web 2.0 environment, there is a lot of give-and-take of information, from visitors leaving comments to third-party advertising being pushed in by affiliate ad programs, Landesman said.

"There's a lot of Web applications that are now involved," she said. "It just opens the door for exploits, either within the Web application, or through social engineering or by a hostile person inserting themselves at some point in this chain of affiliate relationships."

More here.

Note: Not to seem self-congratulatory, but I think many of us were saying this almost a year ago. - ferg
