Wednesday, April 01, 2009
Computer Security in the scope Web 2.0
The current issue of ACM Queue puts Web Security in focus. One article is titled Cybercrime 2.0: When the Cloud Turns Dark. In essence, it is really hard to disagree. I could just add a couple of web attack scenarios based on update services or instant messaging. A lack of security in the design of web applications and the underlying infrastructure is the root cause, as stated in the conclusion of the article. But it is really hard to see some kind of remedy in the near future. On the contrary, new solutions like offline web-applications, cloud computing and the so called Web-OS are all based on vulnerable technologies but connect a large number of users and machines. This will increase the attack surface because each single hole in the system might give an attacker access to a large network of assets and services. Some people call these new applications and architecture already Web 3.0. Unfortunately, nothing has changed in terms of security.