EU agency issues position paper on security for Web 2.0
9 January 2009
The European Network & Information Security Agency (ENISA) has issued
a new report that explains the risk of Web 2.0 — photo sharing, wikis,
social bookmarking and social networking — and 'malware 2.0', a new
breed of web-borne infections you can catch just by visiting a web page.
The report also gives advice on how to tackle the new breed of
Web applications have become amazingly sophisticated to keep up with
the demand for new services. “Web 2.0 applications are pushing existing
Web technologies to their limits — as a result, even the best developers
have had to resort to ‘hacks’ and loopholes in the system to make their
applications work.” says Giles Hogben, an ENISA expert.
"It’s no surprise that criminals are attacking these applications,
and are using them as vehicles to distribute malicious code to users."
The black-market in malware installations is now so well-organised and
lucrative that criminals are offering package deals with standard prices
The success of Web 2.0 is fundamentally about enabling users to
contribute content and communicate. But, at the same time, that success
creates new challenges: for example it is more difficult to know whether
to trust information when you don’t know who the original author was or
where it came from.
The related ENISA survey analyses what tactics people use to decide
if a web page is fake. The result is highly surprising: most people will
trust a source as long as it appears more than once on the web. The
tendency of blogs and wikis to replicate rumours means this is no longer
a rational strategy.
For example, some stories originating in the blogosphere about US
vice-presidential candidate Sarah Palin have since been proven false.
Another example is web-based pump-and-dump stock rumours where share
prices are artificially inflated.
“We need better ways to establish trust in information in the Web 2.0
world”, says Mr. Andrea Pirotti, Executive Director of ENISA.
ENISA compiled the report using input from a group of international
web security experts. It recommends a set of initiatives in web
standards and architecture, as well as policy actions. These include eg,
incentives for more secure programming and measures to protect personal
data exchanged among private individuals.
The full report:
Have your say! To influence the future of European Network and
Information Security give your opinion in the online public
Bookmark this page