Web security firm Finjan has just released a report outlining “sophisticated new threats that target Web 2.0 platforms and technologies.” According to the report, this web security threat “centers on the use of Web 2.0 and AJAX (Asynchronous JavaScript and XML) technologies for malicious activities.”
Finjan acknowledges that Web 2.0 and AJAX technologies enable a rich user experience for Internet users, but it warns: “the technology also flings open the door to new malware propagation methods.” How so? Because hackers are targeting high-traffic web sites and either embedding malicious code in hosted Web content, or using AJAX to query what Finjan calls “the hidden web”.
The report also shows that the content of websites distributing malicious code is being duplicated on storage and caching servers used by ISPs, enterprises and leading search engines. This means that the malicious code remains available and can be referenced by third-party web pages to exploit an end user’s machine, even if the original malicious website has been taken down.
I’ve asked Finjan to send me the full report, but I thought in the meantime it’s worth throwing the question open: have you ever experienced a web security breach on a Web 2.0 or AJAX service? Particularly on a “high traffic site” – which I take to mean a MySpace or a YouTube. What hacking stories do you know of in the Web 2.0 space?