
Why 'transitive trust' makes Web 2.0 dangerous

Burgeoning Web 2.0 platforms will figure significantly in the IT threat landscape in the coming year, say researchers for security vendor Websense.

The company anticipates hackers will use profile information and the demographics of specific social networking sites to better target their attacks. And the proliferation of social networking applications, widgets and mash-ups increases the likelihood of “weak link” attacks on vulnerable sites and content.

Those are two of the trends the company outlined in its Top 10 list of security threats for 2008.

Attackers are relying on “transitive trust,” says Stephan Chenette, manager of the San Diego, Calif., vendor’s security lab. Ads, mash-ups and widgets that are appearing on trusted sites are hosted in another location. “That site isn’t responsible” for the code, which could draw the user to a malicious site.

“A lot more spam messages are claiming to be from Facebook and other social networking sites,” Chenette says. Because people are used to receiving Facebook messages and clicking on requests, they’re more likely to respond.

“It’s that moment of trust when they see it and click.”

The renaissance of the Apple brand, thanks in large part to phenomenal iPhone sales, means Mac users will see more attacks. They were once protected by hackers’ lack of interest in a platform with a small footprint in the consumer market.

“Both Mac and Linux users in the past assumed security,” says Chenette. “With the increased usage of Macs, there will be more Mac attacks.” And while any smart phone is vulnerable, the iPhone will be particularly targeted because of its popularity.

Malicious sites are also using browser and operating system detection to target attacks to specific platforms, he said.

And the company anticipates large-scale denial of service attacks, fraud and phishing associated with the summer Olympics in Beijing. Event-based attacks are common, Chenette says. The Web site for the NFL football Miami Dolphins franchise was hacked and mined with exploit code last January in the weeks leading up to the NFL championship game, which was hosted in Miami.

“The event occurred just before the Super Bowl, when the hackers knew there would be a lot of traffic,” he says.

Also, China ranks with Russia and Brazil at the top of the list of sources of malware, phishing attacks and other exploits. Chenette predicts an associated spam run or hack of the site.

Other threat trends to watch for, according to Websense:

  • Spam and fraud will cross over to the ever-growing cell phone population, and “vishing” attacks will target voice over IP users, luring them to input credentials over the phone line.
  • Hackers will increasingly use Web spam in forums, blogs and commentary areas of news sites to drive surfers to malicious Web sites.
  • More attacks will be launched from compromised sites – otherwise legitimate Web sites that have been altered to host a malicious payload – than from sites created by attackers for that specific purpose.
  • Polymorphic JavaScript, or Polyscript, will be used to serve up a uniquely coded Web page for every visit to a malicious site, making it difficult for signature-based scanning technologies to detect.
  • The use of data concealment technologies such as embedding data within protocols and media files will increase.

But Websense researchers also predict a worldwide cracker crackdown by law enforcement, and the arrest of key members of a hacker group.

The Storm attack is the largest professional botnet play in the history of the 'Net, and its exposure means the location and patterns of the creators can’t elude authorities forever.

“We predict key members of organized attacks are going to be taken down” in the next year, Chenette says.
