Slashdot Mirror


Web 2.0 Threats and Risks for Financial Services

An anonymous reader writes "Companies are tuning in to Web 2.0 but are simultaneously exposing their systems to next generation threats such as Cross Site Scripting, Cross Site Request Forgery and Application interconnection issues due to SOA. With regard to security, two dimensions are very critical for financial systems — Identity and Data privacy. Adopting the Web 2.0 framework may involve risks and threats against these two dimensions along with other security concerns. Ajax, Flash (RIA) and Web Services deployment is critical for Web 2.0 applications. Financial services are putting these technologies in place; most without adequate threat assessment exercises."

2 of 56 comments

  1. Re:The real problem by Hal_Porter · Score: 2, Interesting

    There's an argument that you should do some kind of benefit analysis before you adopt technology I think. Each new thing you add increases the attack surface of the application, so there's no point doing things for purely aesthetic or coolness reasons. Plus most Web 2.0 applications seem to cope very badly with slow or unreliable network connections, and that in itself is a good reason to not use them in critical environments like online banking.

    Fuck it, I'm an old fart and I know it. I'm sure next time I connect to my bank via a flakey VPN connection, it will look like fucking del.ic.io.us or whatever and will either not let me log in in the first place or freeze up when I'm trying to actually use it the way gmail does. There's no point trying to explain this stuff. Next time I go to Starbucks and it's full of goateed Mac users writing PHP code, I'm gonna put strychnine in cinnamon shakers.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  2. Lessons from the past - Nobody really cares by Anonymous Coward · Score: 1, Interesting

    Web 2.0 is strikingly like the state of Microsoft Windows about 10 years ago, as far as security goes. Back then, Windows was well known to be vulnerable to Internet attacks. Which has led to tons of zombies, spyware, and other crap installed on people's computers.

    The lesson learned from that is that NOBODY cares. Even after they've been bitten (and sometimes bitten badly, with identity theft, and serious banking repercussions), they still want to use Windows. They prefer the Devil that they know, over something that they aren't familiar with.

    In short, people want their "Oooo - shiny!" widgets. They simply don't care enough about anything else to switch to a more secure system, or even implement proper security measures. And there are enough technically clueless button-pushers who call themselves developers that will provide the Shiny languages and widgets to propagate this crap.

    The proper solution is to start by redesigning JavaScript with security in mind. But that will never happen.

    In short, Web 2.0 is the MS Windows of today. We can expect lots of exploits. But people will adopt it, the heck with the ramifications. Sorry to be pessimistic here. But I see nothing to contradict this lesson from the past.