Watch Out for Web 2.0

Hey, I didn't say it. Take a look at the "GTISC Emerging Cyber Threats Report for 2008" from Georgia Tech's Information Security Center. The report was released at the GTISC Security Summit on Emerging Cyber Security Threats and Countermeasures last week. The report identifies the key data security threats to watch in the coming year, and "Web 2.0" is on their list of the top 5 emerging security risks.


They are looking at threats to both consumers and the enterprise, and by "threat" they mean people exploiting holes in these new applications, most likely for financial gain.


Part of the 2.0 problem is that these new apps are developing so fast. If you use Facebook, you know there's a new tool/widget/app available every day. Most users make the assumption that "someone" is checking this software out and watching out for us. Apple iPhone users were mad that you couldn't add third-party applications onto the phone (though people have now hacked the phone to do so, of course) but those kinds of cool 2.0 applications are what this report is addressing. And, of course, no one reads the "Terms of Agreement" before they install, do they?

The report's 5 big areas of threat are:


  1. Web 2.0 and client-side attacks on social networking technologies, aimed at "stealing private data, hijacking Web transactions, executing phishing scams, and perpetrating corporate espionage;"

  2. Targeted messaging attacks, aimed at individual users, largely for the purpose of stealing authentications and private data;

  3. Botnets expanding the scope of their activities to the theft of information and increasing abuse of DMS servers;

  4. Mobile convergence threats (includes vishing and SMiShing - bet you didn't even know they existed) plus denial-of-service attacks targeting your voice infrastructure;

  5. RFID attacks: tracking users via RFID devices, cloning, RF blocking.


