


http://www.gcn.com/online/vol1_no1/46063-1.html



By Dan Campbell

Special to GCN

04/03/08



Defense-in-depth protection for agency Web sites is the recommendation
from Justice and Commerce department representatives who spoke during
the FOSE 2008 Conference and Exposition about the dangers of targeted
attacks.



"[The] Web is a collaboration method, but the benefits of collaboration
will not be realized unless that collaboration is done securely," said
Michael Castagna, Commerce's chief information security officer.



"We must understand the promise and peril of technology," he added.
"Criminal syndicates are targeting intellectual assets such as credit
card data and personal information and then are selling that
information."



Castagna also spoke about Web 2.0 risks. He described the three
components of Web 2.0 as service-oriented architecture, application
program interfaces, and rich Internet applications that use technologies
such as Flash, Really Simple Syndication, and Asynchronous JavaScript
and Extensible Markup Language.



Web 2.0 is about the user experience, with an emphasis on
user-contributed content. In Web 2.0, the Web has become the
application, but in Web 3.0, the Web becomes a database. Castagna
asserted that although Web 2.0 presents its own security risks, he is
also looking ahead to Web 3.0 and the risks it might present. "Web 3.0
will consist of a database of machine-to-machine content," he said.
"Search moves from contextual to semantic where it is interactive and
powerful and must be secured."



Mischel Kwon, deputy director of IT security at Justice, spoke about the
danger of the relatively new IFrame attacks.



An IFrame (short for inline frame) is an HTML element that makes it
possible to embed another HTML source inside the main document. In an
IFrame attack, malicious code injected into Web pages redirects
visitors to third-party malware sites.
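
For site owners, one way to check published pages for the injected frames described above is to flag every IFrame whose source is an off-site host that is not on an approved list, and to mark those that are also hidden. This is an added example, not part of the original article; the host names, the allowlist and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Assumption: hosts this site legitimately embeds content from.
ALLOWED_HOSTS = {"media.agency.example"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
ZERO_DIM = re.compile(r"^\s*[01](px)?\s*$", re.I)  # 0- or 1-pixel frame

# Constructed sample page: two legitimate embeds, one hidden injected
# frame, one visible frame from a host nobody approved.
SAMPLE_PAGE = """<html><body>
<h1>Press releases</h1>
<iframe src="/video/player.html" width="640" height="360"></iframe>
<iframe src="https://media.agency.example/map" width="400" height="300"></iframe>
<iframe src="http://injected.example/in.php" width="0" height="0" style="visibility:hidden"></iframe>
<iframe src="//widgets.partner.example/feed" width="300" height="200"></iframe>
</body></html>"""


class IframeAuditor(HTMLParser):
    """Collects <iframe> elements whose src host is not on the allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed_hosts = allowed_hosts
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if not host or host in self.allowed_hosts:
            return  # relative (same-site) URL or approved embed
        hidden = bool(HIDDEN_STYLE.search(a.get("style", ""))) or any(
            ZERO_DIM.match(a[d]) for d in ("width", "height") if d in a
        )
        line, _ = self.getpos()
        self.findings.append({"line": line, "host": host, "hidden": hidden})


def audit_page(html, allowed_hosts=ALLOWED_HOSTS):
    # Returns one finding per unapproved off-site iframe, in page order.
    auditor = IframeAuditor(allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings
```

A hidden frame from an unknown host is the strongest signal; a visible one still warrants review because it was never approved.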



Despite the persistence of such attacks, Kwon acknowledged the power of
Web applications. "To be effectively used, Web applications require ease
of access, connectivity to other applications and rich functionality,"
she said. "The last thing you want to do is inhibit it via security. You
must balance security with mission necessity and do risk analysis to
decide what risks we are willing to take to allow that rich
functionality."





___________________________________________________

Subscribe to InfoSec News

http://www.infosecnews.org/mailman/listinfo/isn




