WEB 2.0 and security INFORMATION WEEK.com

equity78 · 05-26-2007, 07:56 PM

Amid The Rush To Web 2.0, Some Words Of Warning
All that social interaction and user-generated content opens a Pandora's box of security concerns.

By Larry Greenemeier Sharon Gaudin
InformationWeek
May 26, 2007 12:00 AM (From the May 28, 2007 issue)

As businesses rush to get involved in Web 2.0, they must think about the security implications of all those blogs, wikis, and social networks. They could be putting their networks, employees, and customers at risk.

"Web 2.0 is all about openness and freedom," says Kris Lamb, director of the IBM Internet Security Systems division's X-Force security research organization. "You're really tearing down the traditional barriers that have kept companies safe."

Business managers and marketing heads like the idea of customer-generated content. An automobile maker, for instance, might start a social network or blog, allowing customers to write about their experiences and post pictures and video.

Most Frequently Blocked Web Sites
Percentage of Barracuda Networks' customers blocking these sites
2o7.net 58.4%
doubleclick.net 57.6%
googlesyndication.com 57.6%
advertising.com 54.0%
hitbox.com 53.9%
revsci.net 53.4%
atwola.com 52.3%
ads1.msn.com 50.2%
rad.msn.com 49.3%
ads.cnn.com 43.2%

But just look at some of Web 2.0's darlings to see what can go wrong. Hackers and spammers can create their own pages on MySpace and riddle them with malicious code to infect their social networking peers. One worm planted in a MySpace page infected more than 1 million users. And malware writers are beginning to target vulnerabilities in Ajax applications, which help make the Web 2.0 Web sites so dynamic.
????: NamePros.com http://www.namepros.com/dot-tv-appraisals-industry-news/332441-web-2-0-security-information-week.html

"You have to remember that you're taking all this code from the back end and pulling it down to the client," says David Cole, director of Symantec Security Response. "If you have some goofy code in there, you could be exposing it with these technologies."
????: NamePros.com http://www.namepros.com/showthread.php?t=332441

Web 2.0 technologies allow data to move in new ways at faster speeds, complicated by the fact that users are so much more involved. "You've got to make sure you're protecting users from each other," says Paul Judge, CTO at security vendor Secure Computing. "You have to have some containment and control."

IT managers need to make sure they take appropriate safeguards as their companies adopt Web 2.0 techniques and technologies. If a company is going to use third-party components or widgets, it should trust the source and audit the software, says Judge. Users shouldn't be allowed to use JavaScript, and IT administrators should assume spammers will find their sites, which means setting up protections and cautioning users against posting too much personally identifying information. He also recommends scanning company blogs to make sure no malicious code lies hidden within. When To Block Businesses and other organizations need to consider the implications of letting employees tap into Web 2.0 sites from work PCs. When the Defense Department recently banned its personnel from visiting social networking and entertainment sites such as MySpace, YouTube, and 11 others, it cited bandwidth constraints and security concerns.

Web-based content is generally blocked for three reasons: to avoid liability for any illegal activity involving workers, to reduce the risk of malware infections, and to prevent drop-offs in employee productivity.

Most companies are more concerned with blocking certain Web site categories—gambling and adult sites, for example—than with targeting individual Web sites like MySpace and YouTube, says Stephen Pao, VP of product management at Web filtering company Barracuda Networks.

Of course, social networking and other Web 2.0 sites may have value to workers beyond any distractions they might cause. Half of the 162 customers polled recently by security vendor Sophos say employees should be able to access MySpace. A quarter of respondents are opposed to blocking access to MySpace because the effort would be too complicated and time consuming, while the rest worry about employee backlash at having MySpace access taken away.

05-26-2007, 07:56 PM	THREAD STARTER #1 (permalink)
equity78 NamePros Expert Join Date: Oct 2004 Posts: 7,639	WEB 2.0 and security INFORMATION WEEK.com Amid The Rush To Web 2.0, Some Words Of Warning All that social interaction and user-generated content opens a Pandora's box of security concerns. By Larry Greenemeier Sharon Gaudin InformationWeek May 26, 2007 12:00 AM (From the May 28, 2007 issue) As businesses rush to get involved in Web 2.0, they must think about the security implications of all those blogs, wikis, and social networks. They could be putting their networks, employees, and customers at risk. "Web 2.0 is all about openness and freedom," says Kris Lamb, director of the IBM Internet Security Systems division's X-Force security research organization. "You're really tearing down the traditional barriers that have kept companies safe." Business managers and marketing heads like the idea of customer-generated content. An automobile maker, for instance, might start a social network or blog, allowing customers to write about their experiences and post pictures and video. Most Frequently Blocked Web Sites Percentage of Barracuda Networks' customers blocking these sites 2o7.net 58.4% doubleclick.net 57.6% googlesyndication.com 57.6% advertising.com 54.0% hitbox.com 53.9% revsci.net 53.4% atwola.com 52.3% ads1.msn.com 50.2% rad.msn.com 49.3% ads.cnn.com 43.2% But just look at some of Web 2.0's darlings to see what can go wrong. Hackers and spammers can create their own pages on MySpace and riddle them with malicious code to infect their social networking peers. One worm planted in a MySpace page infected more than 1 million users. And malware writers are beginning to target vulnerabilities in Ajax applications, which help make the Web 2.0 Web sites so dynamic. ????: NamePros.com http://www.namepros.com/dot-tv-appraisals-industry-news/332441-web-2-0-security-information-week.html "You have to remember that you're taking all this code from the back end and pulling it down to the client," says David Cole, director of Symantec Security Response. "If you have some goofy code in there, you could be exposing it with these technologies." ????: NamePros.com http://www.namepros.com/showthread.php?t=332441 Web 2.0 technologies allow data to move in new ways at faster speeds, complicated by the fact that users are so much more involved. "You've got to make sure you're protecting users from each other," says Paul Judge, CTO at security vendor Secure Computing. "You have to have some containment and control." IT managers need to make sure they take appropriate safeguards as their companies adopt Web 2.0 techniques and technologies. If a company is going to use third-party components or widgets, it should trust the source and audit the software, says Judge. Users shouldn't be allowed to use JavaScript, and IT administrators should assume spammers will find their sites, which means setting up protections and cautioning users against posting too much personally identifying information. He also recommends scanning company blogs to make sure no malicious code lies hidden within. When To Block Businesses and other organizations need to consider the implications of letting employees tap into Web 2.0 sites from work PCs. When the Defense Department recently banned its personnel from visiting social networking and entertainment sites such as MySpace, YouTube, and 11 others, it cited bandwidth constraints and security concerns. Web-based content is generally blocked for three reasons: to avoid liability for any illegal activity involving workers, to reduce the risk of malware infections, and to prevent drop-offs in employee productivity. Most companies are more concerned with blocking certain Web site categories—gambling and adult sites, for example—than with targeting individual Web sites like MySpace and YouTube, says Stephen Pao, VP of product management at Web filtering company Barracuda Networks. Of course, social networking and other Web 2.0 sites may have value to workers beyond any distractions they might cause. Half of the 162 customers polled recently by security vendor Sophos say employees should be able to access MySpace. A quarter of respondents are opposed to blocking access to MySpace because the effort would be too complicated and time consuming, while the rest worry about employee backlash at having MySpace access taken away. __________________ Host your website with name.com and get up to $10.99 off any domain registration First Quarter 2012 5 letter.com sales report

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)