
Web 2.0 Is Coming And So Are The Security Headaches

The growing popularity of Web 2.0 technologies, such as social networking sites, wikis, and sophisticated applications like ThinkFree’s Web Application Suite, is bringing security headaches with it. System administrators need to keep emphasizing defense in depth. The inbox is being replaced as the favorite target for malware delivery. As more software shifts to a service model and we go to the Web rather than desktop applications for our work, the malware will follow.

Here are some thoughts from news sources on the topic.

CNET is reporting that MySpace is suing a spammer for exploiting the MySpace site to send unwanted messages. The article notes this is not MySpace’s only security problem these days:

Phishing is just one security problem facing MySpace these days. In December, the site had to deal with a QuickTime worm that posted links to fraudulent Web sites by exploiting a vulnerability in MySpace's architecture.

Meanwhile, the BBC is reporting on shifting tactics of malware writers:


They are also subtly changing tactics - instead of sending so-called spyware-infected e-mails, they are sending e-mails linking to websites which contain a malicious downloader. …

Links to websites containing Trojan downloaders account for 51% of infected mail while spyware-infected mail accounts for 42%, according to Sophos.

Another source, myTelus, also notes that improved security around messaging is leading to a shift in tactics.


Hackers are turning to new avenues to launch their attacks because users are increasingly protecting their e-mails.

What to do? Keep anti-virus/anti-malware up to date on the desktop but scan network traffic as well. Remember defense in depth.


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net