Archive for the ‘Security’ Category

Privacy and the cloud

March 16th, 2009 ScottWalters

A problem with cloud computing: what happens if your private documents are shared with people without your permission? Google has admitted that this has now happened with its services.

http://www.realsoftwaredevelopment.com/google-shares-your-private-documents/

‘Mashup’ websites are a hacker’s dream come true

April 20th, 2007 ScottWalters

In "Mashup websites are a hacker's dream come true", Marks details some of the risks associated with mashups. As I read it, he has a few major issues:

  1. The information could be inaccurate or false
  2. There has been little thought about security and privacy
  3. The possibility that viruses could propagate through a mashup
  4. The possibility that a mashup could be used to cause havoc by misrepresenting information.

The scope for causing havoc is obvious. If you look at http://www.chicagocrime.org/, which shows crime statistics and locations on a Google map, it would be a reasonable assumption that high-crime areas have lower property values. But what if the crime statistics feed was modified to show that certain areas have higher crime levels, in an attempt to artificially lower property values?

Marks does recommend installing SSL certificates on servers and authenticating them, which will alleviate some of these problems.

Refs:

Marks, Paul; 12/May/2006; Mashup websites are a hacker's dream come true; New Scientist; http://www.newscientisttech.com/article/mg19025516.400

Categories: Security, Web

OWASP Top Ten to secure your Web applications

March 28th, 2007 ScottWalters

OWASP is the Open Web Application Security Project, which defines standards and reports on vulnerabilities. Its latest list of the top 10 potential security vulnerabilities is an interesting read, particularly in how certain vulnerabilities have dropped off the list and new vulnerabilities have arisen.

One of the obvious issues with ebusiness is that it's still an emerging technology, and as the technology itself moves ahead so do the vulnerabilities. Possibly one of the biggest unrealised issues with bricks-and-mortar organisations, as they depend more and more on ebusiness technologies, is their vulnerability to issues like these.

Refs:

Olzak, Tom; Lock it down: Use the revised OWASP Top Ten to secure your web applications — Part 1; http://builder.com.com/5100-6371_14-6166717.html?tag=nl.e601

Open Web Application Security Project (OWASP) website; http://www.owasp.org/

Categories: Security, Web

Military Intelligence Goes Web 2.0

March 28th, 2007 ScottWalters

Interesting item on use of web technologies for intelligence. Most of the issues raised would be applicable to the general ebusiness area.

“The Defense Intelligence Agency is seeing mushrooming use of various Web 2.0 technologies, which are becoming increasingly critical to accomplishing missions that require analysts to share intelligence, said Lewis Shepherd, chief of the DIA's requirements and research group at the Pentagon.” – Havenstein

The use of mashups is interesting: it is the equivalent of a normal business using mashup technology with commercially sensitive material.

Refs:

Havenstein, Heather; Military Intelligence Goes Web 2.0; Computerworld; http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=284174

Bot Herders Selling Stolen Financial Data to Criminals

March 28th, 2007 ScottWalters

Ebusiness means part of your business is in a place where you may be subject to criminal activity that has very low costs of entry, can attack from anywhere in the world, and is very difficult to track and control.

“You can buy a U.S. identity — a credit card, bank account, Social Security, date of birth — for US$20,” – Huger

I liked this article about botnets and how they can be used for identity theft. The quote makes me wonder how the business clearly identifies that the person it is dealing with is indeed the person it thinks it is dealing with.

Refs:

Messmer, Ellen; 19/Mar/2007; Bot Herders Selling Stolen Financial Data to Criminals; Chief Security Officer Online; http://www2.csoonline.com/blog_view.html?CID=32583

Categories: Security, Web