Posts Tagged ‘Hacker’

‘Mashup’ websites are a hacker’s dream come true

April 20th, 2007 ScottWalters

In ‘Mashup websites are a hacker’s dream come true’, Marks details some of the risks associated with mashups. As I read it, he has a few major issues:

  1. The information could be inaccurate or false
  2. There has been little thought about security and privacy
  3. The possibility that viruses could propagate through a mashup
  4. The possibility that a mashup could be used to cause havoc by misrepresenting information.

The scope for causing havoc is obvious. Take http://www.chicagocrime.org/, which shows crime statistics and locations on a Google map. It would be a reasonable assumption that high-crime areas have lower property values, but what if the crime statistics feed were modified to show certain areas as having higher crime levels in an attempt to artificially lower property values?

Marks does suggest that installing SSL certificates on servers, and authenticating servers with them, will alleviate some of these problems.

Refs:

Marks, Paul; 12 May 2006; Mashup websites are a hacker’s dream come true; New Scientist; http://www.newscientisttech.com/article/mg19025516.400

Categories: Security, Web

OWASP Top Ten to secure your Web applications

March 28th, 2007 ScottWalters

Revised OWASP Top Ten: OWASP is the Open Web Application Security Project, which defines standards and reports on vulnerabilities. Its latest list of the top 10 potential security vulnerabilities is an interesting read, particularly in how certain vulnerabilities have dropped off the list and new vulnerabilities have arisen.

One of the obvious issues with ebusiness is that it’s still an emerging technology, and as the technology itself moves ahead, so do the vulnerabilities. Possibly one of the biggest unrealised issues for bricks-and-mortar organisations, as they depend more and more on ebusiness technologies, is their vulnerability to issues like these.

Refs:

Olzak, Tom; Lock it down: Use the revised OWASP Top Ten to secure your web applications — Part 1; http://builder.com.com/5100-6371_14-6166717.html?tag=nl.e601

Open Web Application Security Project (OWASP) website; http://www.owasp.org/

Categories: Security, Web