{"id":831,"date":"2007-05-25T00:00:00","date_gmt":"2007-05-25T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2007\/05\/25\/move-to-web-2-0-increases-security-challenges\/"},"modified":"2021-12-30T11:38:14","modified_gmt":"2021-12-30T11:38:14","slug":"move-to-web-2-0-increases-security-challenges","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2007\/05\/25\/move-to-web-2-0-increases-security-challenges\/","title":{"rendered":"Move to Web 2.0 Increases Security Challenges"},"content":{"rendered":"<p>Web 2.0 isn&#8217;t just for the likes of MySpace and YouTube anymore. Mainstream companies are catching the fever.  The only problem is, they might be rushing headlong into something that could put their network &#8212; and their customers &#8212; at risk.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Web 2.0 is all about openness and freedom,&#8221; said Kris Lamb, a director with IBM&#8217;s Internet Security Systems, in an interview at Interop.<\/p>\n<p>As companies rush to embrace this trendy new media phenomenon, IT and security managers are being warned to slow down the process and make sure they think through their security.<\/p>\n<p>Web 2.0 technologies &#8212; the kinds that promote interactivity and community-building and made MySpace and YouTube household names &#8212; are starting to gain a foothold on more conventional Web sites.  An automobile maker, for instance, might start a social network or blog for customers to write about their experiences with their vehicles or to post pictures or videos from their favorite road trips.  <\/p>\n<p>But the advantages of creating these communities and enriched Web sites also come with the same risks that plague the Web 2.0 giants.  Hackers and spammers can join MySpace to create their own pages, riddled with malicious code, to infect their social-networking peers.  
And hackers are beginning to target vulnerabilities in Ajax applications, which help make the Web 2.0 Web sites so dynamic.<\/p>\n<p>&#8220;It&#8217;s a gold rush right now,&#8221; said David Cole, director of Symantec Security Response, in an interview at Interop.<\/p>\n<p>Paul Judge, chief technology officer at Secure Computing, said in an interview that many companies are still getting their arms around traditional Web site issues, including database validation problems, and now they&#8217;re being hit with unfamiliar technologies.  <\/p>\n<p>Symantec&#8217;s Cole said IT managers need to make sure they take enough time to plan out the necessary safeguards before they jump into Web 2.0 technologies.  Make sure that users aren&#8217;t allowed to use JavaScript, and assume that spammers will find the site &#8212; so set up protections and caution users against putting up too much personally identifying information, especially e-mail addresses.<\/p>\n<p>http:\/\/www.darkreading.com\/document.asp?doc_id=124871&#038;WT.svl=cmpnews2_3<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-831","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/831","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=831"}],"version-history":[{
"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/831\/revisions"}],"predecessor-version":[{"id":3318,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/831\/revisions\/3318"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=831"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=831"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=831"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}