Web 2.0 technology brings new security threats

Web 2.0 style services and applications have laid the foundation of a new battlefield between hackers and criminals and the rest of us, a Security Expert speaking at Open Web Application Security Project (OWASP) U.S. 2007 conference said.

The conference was organised by eBay and is a place where security professionals can meet and exchange ideas with their peers and is the forerunner to next years Read Team eBay security conference.

Petko Petkov said that tools are readily available for criminals to use and nascent technologies like mashups will soon enable hackers to move up several notches.

The security researcher said that it wouldn't be easy for service providers like Microsoft or Google to close an app or a widget down in a bid to cull an attack.

More worrying, the use of RSS to email services to send commands to Zombie computers in a smart way as RSS feeds are not blocked by firewalls.

Rather than the technology behind Web 2.0 phenomenon, it is the permeability and the "open-all-day" approach that embodies the Web 2.0 mindset that will ultimately breach security defences.

It is still early days for Web 2.0 hacking but things have evolved since the first hackers and the first viruses were written; criminals have got much nastier this time.