[unisog] WEB2.0 Security Issues

Stasiniewicz, Adam stasinia at msoe.edu
Thu Jan 25 03:14:34 GMT 2007

I think Valdis made a good point here.  What you will see on "Web 2.0" is a
whole lot similar to the current Internet.  You will still have the same web
servers (Apache, IIS, etc.) and the same webmasters who don't patch those web
servers.  You will still have email (and spam) flowing over SMTP.  You will
still have viruses, worms, and other malware.  There are many proposals on
what content would be published and who would have access, but in the long
run, it will probably do little for security.

The one thing of interest is IPv6.  It already is sizably deployed in the
Far East, and most major universities have at least some partial deployment.
The biggest change in IPv6 is a massive increase in the total amount of IP
addresses.  There is also work on QOS and IPSec integration, which merits
attention.  Whatever "Web 2.0", "Internet 2", etc. come out with, I think the
major mainstay will be IPv6.  Simply because the world is running out of IP

My $0.02,
Adam Stasiniewicz

-----Original Message-----
From: unisog-bounces at lists.dshield.org
[mailto:unisog-bounces at lists.dshield.org] On Behalf Of
Valdis.Kletnieks at vt.edu
Sent: Wednesday, January 24, 2007 2:32 PM
To: UNIversity Security Operations Group
Subject: Re: [unisog] WEB2.0 Security Issues

On Wed, 24 Jan 2007 21:51:06 +0200, avi shvartz said:
> What I am missing is a reference to security & privacy issues related to
> WEB2.0.

All the same ones that Web 0.99 had.

Since "Web 2.0" is more a buzzword than an actual protocol or design
methodology, you can't point to anything the way you can (for instance)
point at "privacy issues of HTTP Cookies" or "Things to worry about when
collecting personal data on a website that uses LAMP".

If there's a *specific* concept that's more specific than "now
with web 2.0", feel free to raise it and we'll discuss it.

> I would like to hear opinions what are the new security & privacy concerns
> that WEB2.0 

Only thing that comes to mind is "fraud against VC investors who didn't
learn their lesson in the dot-bomb bubble collapse".
