Another week, another web 2.0 security issue.

January 18, 2008

Not a week goes by without a web 2.0 breach/hack/infestation/buyout*

This week two issues have surfaced around the 2.0 ethos. The first is concerned with myspace.com, a ‘back door’ resides within the myspace architecture that allows access to private profiles – including those whom the law considers to be a minor. This is interesting as myspace, as recently as Monday, announced measures to protect minors in a joint press statement with with 49 attorney generals in the US. (link)

(*delete as appropriate)

The second, deals with code malicious mobile code propagating from legitimate sites around the Internet. dubbed the ‘random JS toolkit’ the code attacks in two stages. Stage one infects the website with an iFrame exploit, installing itself on the legitimate website, stage two in the normal infection stage of client machines via malicious code and installation of trojans/spyware/adware.

It’s interesting to note that the evolution of attack vectors, are they following the trends of mainstream IT. Could this maybe considered the first client/server malware…

Thanks

Paul

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: