ReadWriteWeb

War on Web 2.0 Terror

Written by Richard MacManus / October 13, 2006 5:34 AM / 4 Comments

Web security firm Finjan has just released a report outlining "sophisticated new threats that target Web 2.0 platforms and technologies." According to the report, this web security threat "centers on the use of Web 2.0 and AJAX (Asynchronous JavaScript and XML) technologies for malicious activities."

Finjan acknowledges that Web 2.0 and AJAX technologies enable a rich user experience for Internet users, but they warn: "the technology also flings open the door to new malware propagation methods." How so? Because hackers are targeting high-traffic web sites and either embedding malicious code in hosted Web content, or using AJAX to query what Finjan calls "the hidden web".

The report also shows that content from websites distributing malicious code is being duplicated on storage and caching servers used by ISPs, enterprises and leading search engines. This means the malicious code remains available and can be referenced by third-party web pages to exploit an end user's machine, even if the original malicious website has been taken down.

I've asked Finjan to send me the full report, but I thought in the meantime it's worth throwing the question open: have you ever experienced a web security breach on a Web 2.0 or AJAX service? Particularly on a "high traffic site" - which I take to mean a MySpace or a YouTube. What hacking stories do you know of in the Web 2.0 space?



Comments


  • Won't you say that the recent fake blog posting on an official Google blog was a Web 2.0 hack?

    "A bug in Blogger enabled an unauthorized user to make a fake post on the Google Blog claiming that we have discontinued our AdWords click-to-call test. "

    Not sure if Skype falls under a Web 2.0 folio. But SIP is certainly under attack with the reversed eng stuff. Check the Superintendent Trojan here for more details

    http://www.heise-security.co.uk/news/79212

    Posted by: /pd | October 13, 2006 6:31 AM



  • There was also that user created DOS 'attack' at MySpace last year (think it was some javascript that added everyone on the site as his friend?).

    I also noticed a couple of SNS that can access your Gmail, Yahoo Mail and Hotmail contacts when you go to invite your friends. While not hacking per se, a spammer could use this to harvest email addresses.

    Posted by: Pete | October 13, 2006 3:56 PM



  • Fill us in if you end up getting that report!

    Posted by: the rub | October 13, 2006 5:59 PM



  • A hardcore user of all 2.0 technologies, I've never had or heard about any security issues. I would be most interested to know about them: I'm giving a presentation on the topic in February...

    Posted by: Dominic Jaar | October 15, 2006 4:56 PM



