Wall Street & Technology: Blog
July 23, 2007

Web 2.0: A New Port of Entry for Hackers?

If your company has leapt onto the Web 2.0 bandwagon, embracing applications like blogs, wikis and podcasts that foster increased collaboration and communication, it could be exposing its corporate networks to new attacks from hackers.

Web 2.0 applications enable anyone to have access to your source code and will expose you to attacks without you knowing it is happening, says Ryan Berg, co-founder and chief scientist for Ounce Labs, a provider of source code vulnerability analysis solutions.

“With Web 2.0, attackers have much more inside knowledge of how your applications work. You have to recognize that the minute you put your code in the browser, you no longer own it. Anyone can modify the browser code. So you must never trust the client,” Berg says. “And make sure your business-sensitive information is not exposed.”
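Berg's "never trust the client" rule, shown as an added example that is not part of the original article: a server-side order handler that takes identity from its own session store, re-validates input, recomputes the price, and keeps business-sensitive fields out of the response. The catalogue, session store, field names and `placeOrder` function are all constructed for illustration.

```javascript
// Added example: server-side handling of an order submitted by a browser client.
// CATALOG, SESSIONS and placeOrder are hypothetical names; all data is constructed.
const CATALOG = {
  "SKU-100": { name: "Market data feed", unitPrice: 2500, internalCost: 900 },
  "SKU-200": { name: "Analytics seat", unitPrice: 400, internalCost: 120 },
};
const SESSIONS = { "sess-abc": { userId: "u42", role: "trader" } };

function placeOrder(sessionId, body) {
  // Identity and role come from the server-side session, never from the request body.
  const session = SESSIONS[sessionId];
  if (!session) return { status: 401, error: "not authenticated" };
  if (!body || typeof body !== "object") return { status: 400, error: "bad body" };

  // Own-property lookup so keys such as "__proto__" are not treated as products.
  const known = Object.prototype.hasOwnProperty.call(CATALOG, body.sku);
  if (!known) return { status: 400, error: "unknown sku" };
  const item = CATALOG[body.sku];

  // Re-validate what browser script may already have checked: that script
  // runs on the user's machine and can be edited or skipped entirely.
  const qty = body.quantity;
  if (!Number.isInteger(qty) || qty < 1 || qty > 100) {
    return { status: 400, error: "invalid quantity" };
  }

  // Price is recomputed from server data; any other client field is ignored.
  const total = item.unitPrice * qty;
  const ignored = Object.keys(body).filter((k) => !["sku", "quantity"].includes(k));

  // Return only what the browser needs; internalCost never leaves the server.
  return {
    status: 200,
    order: { userId: session.userId, sku: body.sku, name: item.name, quantity: qty, total },
    ignoredClientFields: ignored,
  };
}

// Constructed request from a modified client: tampered price, self-assigned role.
const tampered = { sku: "SKU-100", quantity: 2, unitPrice: 1, role: "admin" };
console.log(placeOrder("sess-abc", tampered));
```
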

Berg adds that nowadays Web browsers are being used as the attack platform of choice. In the pre-Web 2.0 days, you used to get a malicious alert box popping up on your screen which you could then simply avoid clicking on.

But the old adage of not clicking on any links you don’t trust no longer holds true. Nowadays, just visiting a Web site is sufficient: as soon as you visit what seems to be an innocuous Web site, code could start running on your machine in the background, ready to steal any sensitive information you have on your computer.

Berg says one of the best ways of protecting yourself when surfing the Web is to disable JavaScript, the scripting language most often used for web development, which enables any site to potentially run code in the context of your browser.

Internet Explorer is also a potential minefield: its use of ActiveX controls, which give full access to the Windows operating system, can expose you to malicious ActiveX threats in a way that other browsers, such as Mozilla Firefox, will not.

Berg also urges Web users to remember to always log out of web applications. Online banking has become riskier. Clients used to have to download special applications from their bank in order to do online banking, but that is no longer necessary. Clients who log onto their bank account from a regular Web browser often forget to log out of the page, which leaves them open to attacks.

More generally, the ever-present Google bar in browsers allows users to do searches without having to close any open windows.

“It’s very easy for people to browse with all their windows open and this way the user loses the notion of what they are being authenticated into. It leaves you open to a bunch of attacks,” says Berg.

Posted by Melanie Rodier at 02:03 PM


