Archive for September 18th, 2009

Web 2.0 sites that enable people to create content are increasingly used to carry out a wide range of attacks, according to a new security study.

Websense’s State of Internet Security” (PDF), released Tuesday, notes that attackers are focusing their attention on interactive Web 2.0 elements. Some 95 percent of user-generated comments on blogs, message boards, and chat rooms are either spam or contain malicious links, the security vendor warned.

“The very aspects of Web 2.0 sites that have made them so revolutionary–the dynamic nature of content on the sites, the ability for anyone to easily create and post content, and the trust that users have for others in their online networks–are the same characteristics that radically raise the potential for abuse,” Websense said in its report.

Web 2.0 sites, the company added, comprise “many” of the most visited sites on the Internet. The top 100 most visited Web properties, tended to be classified as social-networking or search sites. Nearly half, or over 47 percent, of the top 100 Web sites support user-generated content.

Source and full story at: news.cnet.com

Remember folks, you can’t rely solely on your anti-virus and spyware scanners any more if you use “Web 2.0″ enabled websites, you’ll also need to depend upon some good old common sense.

Some basic rules to follow:

• Be aware of what exactly you’re giving permissions to in your browser.
• If you’re required to download a plugin make sure that it comes from a reliable source.
• Double check the web address: Are you sure you’re entering your details into the site you want to? Phishing (login detail theft) is more prevalent than ever and can lead to identity theft. So while the site you’re on looks like your banks, Facebook or your web email is it really the official site? If unsure it’s always best to be paranoid than not. Copy the web address and email their support folk. It’s better than losing your account.
• If you suspect an application is not what it appears to be – go with your gut. First impressions are usually correct.
• If you can’t “block” the application then alarm bells should be ringing.
• … and finally; Don’t believe everything you read. A lot of online “scanners” are not what they appear to be and are in fact malware. If you’re intent on using an online scanner then use an established and trusted online scanning source.

So it’s not as scary out there as some make out but as long as you take a few precautions. Scanners will do their best to keep you safe but they can take awhile to recognise.

Increase your knowledge of what can and can’t happen and your browsing experience will stay healthy and happy.