tag:,2008:/1/tag:72.47.210.69,2006://1.5085- 2008-08-22T19:04:31Z Comments for War on Web 2.0 Terror Movable Type 4.1 tag:72.47.210.69,2006://1.5085 2006-10-13T12:34:48Z 2007-12-16T23:16:25Z War on Web 2.0 Terror Richard MacManus http://www.readwriteweb.com finjanWeb security firm Finjan has just released a report outlining "sophisticated new threats that target Web 2.0 platforms and technologies." According to the report, this web security threat "centers on the use of Web 2.0 and AJAX (Asynchronous JavaScript and XML) technologies for malicious activities."

Finjan acknowledges that Web 2.0 and AJAX technologies enable a rich user experience for Internet users, but they warn: "the technology also flings open the door to new malware propagation methods." How so? Because hackers are targeting high-traffic web sites and either embedding malicious code in hosted Web content, or using AJAX to query what Finjan calls "the hidden web".

Also the report shows that content of websites distributing malicious code is being duplicated on storage and caching servers used by ISPs, Enterprises and leading search engines. This means that malicious code is available and can be referenced by third party web pages to exploit an end user's machine - even if the original malicious website has been taken down.

I've asked Finjan to send me the full report, but I thought in the meantime it's worth throwing the question open: have you ever experienced a web security breach on a web 2.0 or ajax service? Particularly on a "high traffic site" - which I take to mean a MySpace or a YouTube. What hacking stories do you know of in the web 2.0 space?

]]> tag:72.47.210.69,2006://1.5085-comment:39689 Comment from /pd on 2006-10-13 /pd http://peterdawson.typepad.com wont you say that the recent fake blog posting on an offical google blog - was a web2.0 hack ?

"A bug in Blogger enabled an unauthorized user to make a fake post on the Google Blog claiming that we have discontinued our AdWords click-to-call test. "

Not sure if Skype falls under a web2.0 folio. But SIP is certainly under attack with the reveresed eng stuff. Check the Superintendent Trojan here for more details

http://www.heise-security.co.uk/news/79212

]]> 2006-10-13T13:31:45Z tag:72.47.210.69,2006://1.5085-comment:39690 Comment from Pete on 2006-10-13 Pete http://www.menace.co.nz There was also that user created DOS 'attack' at MySpace last year (think it was some javascript that added everyone on the site as his friend?).

I also noticed a couple of SNS that can access your gmail, yahoo mail and hotmail contacts when you go to invite your friends, while not hacking per say, a spammer could use this to harvest email address.

]]> 2006-10-13T22:56:54Z tag:72.47.210.69,2006://1.5085-comment:39691 Comment from the rub on 2006-10-13 the rub http://www.ishtarnation.com Fill us in if you end up getting that report!

]]> 2006-10-14T00:59:49Z tag:72.47.210.69,2006://1.5085-comment:39692 Comment from Dominic Jaar on 2006-10-15 Dominic Jaar http://dominicjaar.blogspot.com A hardcore user of all 2.0 technologies, I've never had or heard about any security issues. I would be most interested to know about them: I'm giving a presentation on the topic in February...

]]> 2006-10-15T23:56:18Z