Berners-Lee: Web security a 'never-ending battle'

Summary:The dark side of the web needs to be addressed through technical and educational means, according to Sir Tim Berners-Lee

The man credited with invention of the world wide web, Sir Tim Berners-Lee, has warned that web security is a "never-ending battle".

Speaking at a lecture hosted by the Institution of Engineering and Technology in London on Thursday, Berners-Lee said that, while he was against web censorship per se, both technological and educational means should be employed to tackle internet security issues.

"A lot of security work is going on [on the web], but security is a never-ending battle," said Berners-Lee. "The web is used by humanity, and humanity has a dark and a light side. I'm an optimist — I think the light side wins. The web is supposed to be a blank sheet of paper, and you can write dark things on that paper as well as light. If you tried to control the web, you would end up with engineers deciding what the truth is, which is worse. But, if we see nasty things happening, we should try and tweak [the web]. If you look at any protocol anywhere, there are technical and social restrictions."

Berners-Lee said that web technology had been originally designed for "a friendly academic environment". Numerous technologies including email and wikis had been conceived in a positive light, and are being used to the good by large numbers of people. But he said that the negative side of technology use should be addressed.

"We made the email system, and in turn it's used by a huge number of people. The person who designed wikis led to Wikipedia [being founded]. Email and the web allow the mass sending of information, but were designed for a friendly academic environment. You have to look at the result: there are huge volumes of spam, phishing attacks — that's bad, and we have to fix that — that is the cycle of websites," said Berners-Lee.

Phishing attacks have the potential to damage consumer confidence in the web, because consumers are "now not sure if it's [their] bank". Berners-Lee called for a mixture of technological and educational measures to mitigate web-security issues. Technical means should be employed to mitigate current Web 2.0 threats, such as cross-site scripting attacks, he said, while good security practice should be encouraged among end users.

Cross-site scripting attacks exploit JavaScript flaws to inject malicious code into a web page during a user's browser session. "Cross-site scripting attacks are a huge problem," said Berners-Lee. "Other times it's just straightforward education. Don't train users to type their passwords into websites in the clear. Banks are training [US users] to give their social security number. There are some security flaws they haven't thought they're training people to do."

Topics: Networking

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.