Wall Street & Technology: Blog: Web 2.0: A New Port of Entry for Hackers?

Web 2.0: A New Port of Entry for Hackers?

If your company has leapt onto the Web 2.0 bandwagon – embracing applications like blogs, wikis and podcasts that foster increased collaboration and communication - it could be exposing its corporate networks to new attacks from hackers.

Web 2.0 applications enable anyone to have access to your source code and will expose you to attacks without you knowing it is happening, says Ryan Berg, co-founder and chief scientist for Ounce Labs , a provider of source code vulnerability analysis solutions.

“With Web 2.0, attackers have much more inside knowledge of how your applications work. You have to recognize that the minute you put your code in the browser, you no longer own it. Anyone can modify the browser code. So you must never trust the client,” Berg says. “And make sure your business-sensitive information is not exposed.”

Berg adds that nowadays Web browsers are being used as the attack platform of choice. In the pre-Web 2.0 days, you used to get a malicious alert box popping up on your screen which you could then simply avoid clicking on.

But the old adage of not clicking on any links you don’t trust no longer holds true. Nowadays, just visiting a Web site is sufficient: as soon as you visit what seems to be an innocuous Web site, code could start running on your machine in the background, ready to steal any sensitive information you have on your computer.

Berg says one of the best ways of protecting yourself when surfing the Web is to disable JavaScript, the scripting language most often used for web development, which enables any site to potentially run code in the context of your browser.

Internet Explorer is also a potential minefield: its use of Active X controls that give full access to the Windows operating system can expose you to malicious Active X threats in a way that other browsers such as Mozilla Firefox, will not.

Berg also urges Web users to remember to always log out of web applications. Online banking has become more risky. Clients used to have to download special applications from their bank in order to do online banking, but that is no longer necessary and clients who log onto their bank account from a regular Web browser application often forget to log out of the page, which leaves them open to attacks.

More generally, the ever-present Google bar in browsers allows users to do searches without having to close any open windows.

“It’s very easy for people to browse with all their windows open and this way the user loses the notion of what they are being authenticated into. It leaves you open to a bunch of attacks,” says Berg.

Posted by Melanie Rodier at 02:03 PM

This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.