
Why 'transitive trust' makes Web 2.0 dangerous

Burgeoning Web 2.0 platforms will figure significantly in the IT threat landscape in the coming year, say researchers for security vendor Websense.

The company anticipates hackers will use profile information and the demographics of specific social networking sites to better target their attacks. And the proliferation of social networking applications, widgets and mash-ups increases the likelihood of “weak link” attacks on vulnerable sites and content.

Those are two of the trends the company outlined in its Top 10 list of security threats for 2008.

Attackers are relying on “transitive trust,” says Stephan Chenette, manager of the San Diego, Calif., vendor’s security lab. Ads, mash-ups and widgets that are appearing on trusted sites are hosted in another location. “That site isn’t responsible” for the code, which could draw the user to a malicious site.

“A lot more spam messages are claiming to be from Facebook and other social networking sites,” Chenette says. Because people are used to receiving Facebook messages and clicking on requests, they’re more likely to respond.

“It’s that moment of trust when they see it and click.”

The renaissance of the Apple brand, thanks in large part to phenomenal iPhone sales, means users who were once protected by hackers’ lack of interest in the platform because of its small footprint in the consumer market will see more attacks targeting Macs.

“Both Mac and Linux users in the past assumed security,” says Chenette. “With the increased usage of Macs, there will be more Mac attacks.” And while any smart phone is vulnerable, the iPhone will be particularly targeted because of its popularity.

Malicious sites are also using browser and operating system detection to target attacks to specific platforms, he said.

And the company anticipates large-scale denial of service attacks, fraud and phishing associated with the summer Olympics in Beijing. Event-based attacks are common, Chenette says. The Web site for the NFL football Miami Dolphins franchise was hacked and mined with exploit code last January in the weeks leading up to the NFL championship game, which was hosted in Miami.

“The event occurred just before the Super Bowl, when the hackers knew there would be a lot of traffic,” he says.

Also, China ranks with Russia and Brazil at the top of the list of sources of malware, phishing attacks and other exploits. Chenette predicts an associated spam run or hack of the site.

Other threat trends to watch for, according to Websense:

  • Spam and fraud will cross over to the ever-growing cell phone population, and “vishing” attacks will target voice over IP users, luring them to input credentials over the phone line.
  • Hackers will increasingly use Web spam in forums, blogs and commentary areas of news sites to drive surfers to malicious Web sites.
  • More attacks will be launched from compromised sites – otherwise legitimate Web sites that have been altered to host a malicious payload – than from sites created by attackers for that specific purpose.
  • Polymorphic JavaScript, or Polyscript, will be used to serve up a uniquely coded Web page for every visit to a malicious site, making it difficult for signature-based scanning technologies to detect.
  • The use of data concealment technologies such as embedding data within protocols and media files will increase.

But Websense researchers also predict a worldwide cracker crackdown by law enforcement, and the arrest of key members of a hacker group.

The Storm attack is the largest professional botnet play in the history of the 'Net, and its exposure means the location and patterns of the creators can’t elude authorities forever.

“We predict key members of organized attacks are going to be taken down” in the next year, Chenette says.
