Web 2.0 threatens security: Symantec

Security firm Symantec has highlighted Web 2.0 technologies and instant messaging (IM) applications as significant threats to corporate security.

Security firm Symantec has highlighted Web 2.0 technologies and instant messaging (IM) applications as significant threats to corporate security.

In its Internet Threat Report for the first half of 2006, which was published on Monday in the US, Symantec said that the collaboration required to create Web 2.0 projects opened the technology to vulnerabilities.

Web 2.0 technologies present "a number of areas for security concern", one of which is the "rush to develop" services and applications without delivering the same level of security auditing as would happen with traditional client-based applications.

Symantec's Asia Pacific vice president, David Sykes, said the main worry was that because many Web 2.0 projects relied on the collaboration of several independent sources, it would be easier for malicious users to find a way of exploiting the "implied trust" that was required.

"The collaboration basis is built on trust and automatically, it is available to be exploited by someone with malicious intent. In addition to that we are racing to get these apps to market in time and perhaps we are not taking all the care we could to address security issues.

"Web 2.0 opens up both those soft underbellies in a pretty big way and we anticipate we will be working hard to protect that environment in the future," added Sykes.

Keeping an eye on IM
Sykes told ZDNet Australia that IM applications were also a problem because too often they were being used without the proper authorisation or controls.

"IM is now out there as a broadly based communication mechanism. It is going into commercial environments and if you are someone who wants to compromise privacy for financial gain then that would be a nice juicy target -- particularly since it is often flying under the radar for most large corporate IT security operations," said Sykes.

Sykes said that e-mail quickly became a popular method of delivering malicious content to users and IM is destined to follow the same route: "Sit down and track the history of malicious code and security breaches by e-mail -- we are watching the same thing happen with instant messaging".