Web security firm Finjan has just released a report outlining “sophisticated new threats that target Web 2.0 platforms and technologies.” According to the report, this web security threat “centers on the use of Web 2.0 and AJAX (Asynchronous JavaScript and XML) technologies for malicious activities.”
Finjan acknowledges that Web 2.0 and AJAX technologies enable a rich user experience for Internet users, but they warn: “the technology also flings open the door to new malware propagation methods.” How so? Because hackers are targeting high-traffic web sites and either embedding malicious code in hosted Web content, or using AJAX to query what Finjan calls “the hidden web”.
Also the report shows that content of websites distributing malicious code is being duplicated on storage and caching servers used by ISPs, Enterprises and leading search engines. This means that malicious code is available and can be referenced by third party web pages to exploit an end user’s machine – even if the original malicious website has been taken down.
I’ve asked Finjan to send me the full report, but I thought in the meantime it’s worth throwing the question open: have you ever experienced a web security breach on a web 2.0 or ajax service? Particularly on a “high traffic site” – which I take to mean a MySpace or a YouTube. What hacking stories do you know of in the web 2.0 space?
Originally published on ReadWriteWeb (archived copy)