Watch Out for Web 2.0
Hey, I didn't say it. Take a look at the "GTISC Emerging Cyber Threats Report for 2008" from Georgia Tech's Information Security Center. The report was released at the GTISC Security Summit on Emerging Cyber Security Threats and Countermeasures last week. The report identifies the key data security threats to watch in the coming year and "Web 2.0" is on their list of the top 5 emerging security risks.
They are looking at threats to both consumers and the enterprise and by "threat" they mean people exploiting holes in these new applications - most likely for financial gain.
Part of the 2.0 problem is that these new apps are developing so fast. If you use Facebook, you know there's a new tool/widget/app available every day. Most users make the assumption that "someone" is checking this software out and watching out for us. Apple iPhone users were mad that you couldn't add third-party applications onto the phone (though people have now hacked the phone to do so, of course) but those kinds of cool 2.0 applications are what this report is addressing. And, of course, no one reads the "Terms of Agreement" before they install, do they?
The report's 5 big areas of threat are:
- Web 2.0 and client-side attacks on social networking technologies, aimed at "stealing private data, hijacking Web transactions, executing phishing scams, and perpetrating corporate espionage;"
- Targeted messaging attacks, aimed at individual users, largely for the purpose of stealing authentications and private data;
- Botnets expanding the scope of their activities to the theft of information and increasing abuse of DMS servers;
- Mobile convergence threats (includes vishing and SMiShing - bet you didn't even know they existed) plus denial of service attacks targeting your voice infrastructure;
- RFID attacks, tracking users via RFID devices, cloning, RF blocking.