Featured News
Web 2.0 Threats Loom Large for IT
With the seemingly exponential growth of Web 2.0 technologies, IT professionals in education--and all other sectors, for that matter--face new challenges as control over technology slips away and moves into the hands of users. The very technologies that make Web 2.0 a reality (AJAX, in large part) seem to be considerably vulnerable to security breaches that can lead to data loss and theft and other malicious activities. And the growth of converged devices taking advantage of these technologies adds further to the problems.
Just this week, security firm Websense released a report that showed for the first time in history that Web sites compromised by "attackers" (phishers, etc.) now exceed those created specifically by attackers. In other words, more previously legitimate sites have been turned to malicious purposes than sites created for malicious purposes in the first place.
And the tool of choice in this new development? The Web 2.0 technologies used on those legitimate sites, which offer vulnerabilities attackers can take advantage of.
According to the Websense Security Labs report, which looked at security trends in the latter half of 2007, Web 2.0- and event-based attacks are on the rise, including spoofing search engine results to "drive traffic to infected sites."
Said Dan Hubbard, vice president of research for Websense, "We believe that attackers will continue to be creative and leverage Web 2.0 applications and user-generated content to create even bigger security concerns for organizations. With this in mind, organizations need to ensure their Web, messaging and data security solutions can protect the avenues hackers seek to exploit for financial gain."
But Websense is only the most recent raising red flags on the vulnerabilities of Web 2.0 technologies.
In higher ed, Georgia Tech's Information Security Center released a report entitled "GTISC Emerging Cyber Threats Report for 2008," in which Web 2.0 was cited first as one of the threats to watch in 2008, topping botnets, directed messaging attacks, and RFID attacks. (It also cited related mobile convergence threats--devices built to take advantage of Web 2.0 technologies--in its top 5.)