From the Sept. 2007 Issue
One of your employees is at home browsing the Internet and finds a cool video on YouTube. They decide they want to share it with all their coworkers because it is so funny. They send the link into the office. The next morning, they distribute it to their coworkers, who dutifully view the content. On the surface, this may seem like a very benign issue, given all the antivirus, anti-spyware, firewalls, and other stuff we have installed to protect our computers from various attacks. For many of you, this may just seem like another easy day at the office with a few coworkers sharing a funny video. Well, perhaps it seems that way, but the reality is that it may not be that simple.
Web 2.0: In the past few years, several new Web formats have come into use. These technologies include such new items as weblogs (blogs), social bookmarking, wikis, podcasts, RSS feeds, social software, web APIs, web standards, and online web services. While there is some disagreement about whether these new technologies are simply an outgrowth of already existing technology or actually a new invention, those who advocate for Web 2.0 argue that these are next-generation technologies.
Example 2: Gaining access the same way as in Example 1, the malicious hacker instead replaces the host name of a URL stored in the user’s bookmarks with that of a website under the criminal’s control. The criminal’s server then offers up a phishing page that requests confidential information from the user. Believing they are on a legitimate site, the user will generally enter this information, especially since they launched the website from their own Favorites list, where they had previously saved it.
Example 3: Gaining access to the computer by the same method as in Example 1, the hacker would use the user’s computer to participate in botnet attacks, send spam, participate in denial-of-service attacks, and (if on a corporate network) use the PC in violation of corporate Internet usage policies.
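A defender can catch the bookmark tampering described in Example 2 by comparing each saved favorite's host name against a known-good snapshot. The sketch below is an added example, not part of the original article; it assumes favorites are stored as Internet Shortcut (.url) files, and the function names and sample entries are constructed for illustration.

```python
import configparser
from urllib.parse import urlsplit

def shortcut_host(url_file_text):
    """Return the host from the text of an Internet Shortcut (.url) file, or ""."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(url_file_text)
    except configparser.Error:
        return ""  # not a parseable shortcut; shows up as a change below
    url = parser.get("InternetShortcut", "URL", fallback="")
    return urlsplit(url).hostname or ""

def snapshot(favorites):
    """Map each favorite's file name to the host it pointed to when recorded."""
    return {name: shortcut_host(text) for name, text in favorites.items()}

def changed_hosts(baseline_hosts, favorites):
    """Return (name, old_host, new_host) for favorites whose host differs from the baseline."""
    findings = []
    for name, new_host in sorted(snapshot(favorites).items()):
        old_host = baseline_hosts.get(name)
        if old_host is not None and old_host != new_host:
            findings.append((name, old_host, new_host))
    return findings

# Constructed sample data: contents of three Favorites entries at two points in time.
KNOWN_GOOD = {
    "My Bank.url": "[InternetShortcut]\nURL=https://online.bank.example/login\n",
    "Payroll.url": "[InternetShortcut]\nURL=https://payroll.example/start?x=50%25\n",
    "Webmail.url": "[InternetShortcut]\nURL=https://mail.example/inbox\n",
}
TODAY = dict(KNOWN_GOOD)
# Host swapped, path left intact: the change Example 2 describes.
TODAY["My Bank.url"] = "[InternetShortcut]\nURL=https://online.bank.example.login.invalid/login\n"
# Same host, different query string: not a host change, so not reported.
TODAY["Webmail.url"] = "[InternetShortcut]\nURL=https://mail.example/inbox?folder=sent\n"

if __name__ == "__main__":
    for name, old, new in changed_hosts(snapshot(KNOWN_GOOD), TODAY):
        print(f"{name}: host changed from {old} to {new}")
```

The baseline snapshot has to be taken while the machine is known to be clean and stored where the logged-in user's session cannot overwrite it.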
Protection from Attack