Web 2.0 security issues in the spotlight

Web 2.0 sites on the Web, such as MySpace and Flickr, are useful services to access but, according to Paul Henry, CTO with Secure Computing, they also expose organisations to potentially serious inbound and outbound security threats.

The problem, he says, is that whilst organisations can train employees to stop clicking on suspicious e-mail attachments, there's no way to show them definitively how a malicious Web site differs from a legitimate one.

The issues are made worse, he says, by the fact that Web 2.0 applications, such as blogs, wiki's and social networking sites, allow users to post executables in chat sessions and other areas.

But, he adds, outbound threats such as these aren't always intentional - sometimes they are purely accidental.

For example, he says, an employee might unintentionally open or allow a `back door' to be opened after downloading a rogue application that has not been approved by the IT department.

And if left unchecked, he argues, data leakage can cause intellectual property loss or violate compliance regulations like Sarbanes-Oxley or the Companies Act.

You know, the more I think about it, the more Web 2.0 technologies pose a much more serious security risk than many people realise...