Jul 08 2008

TechView: Web Security In The Web 2.0 Age

Published by at 4:49 pm under Uncategorized

I’ll be heading out shortly to Vancouver’s monthly social media marketing extravaganza, social change seminar and blogapalooza, Net Tuesday. Some of my favorite technorati types will be heading up the event, like social media evangelist Dave Olson (AKA Uncle Weed), John Bollwitt and Rob Cottingham. It will be a regular geek-fest (That’s a good thing, people).

Taking part in this kind of activity alongside my fellow bloggers and tech-people, immersed in this Web 2.0 world, has been a lot of fun. But thanks to my new gig in the field of web security technology, I’ve been learning a lot about the safety of the architecture we’re using to do our thing. It’s been a wake-up call.

The vast majority of websites are pretty much uncontrolled breeding grounds for hackers to steal the information of anyone who uses the websites. Most organizations and companies haven’t taken even the most basic security measures. (Check out the video below to see a kung fu-style dramatization of the process of hardening one’s website against hackers.)

And blogs ain’t immune. I just had my company conduct a website security audit on one of the many blogs I’ve authored (and no, I’m not going to mention which one and put out a welcome mat to cyber criminals) to see if WordPress’ software was vulnerable to hackers.

Turns out, the blog had problems; the test turned up 62 vulnerabilities of varying severity. This is far, far less than a company we recently scanned that is involved with security and privacy issues (the sad, sad website literally had a vulnerability exposed on every single page — we’re talking thousands of openings for hackers to exploit). But it was still pretty alarming.

So here’s the question: at a time when everyone is calling for better protection from corporations and government to protect their information, don’t bloggers also need to be responsible and provide a secure environment for their website visitors? Is it beyond our capabilities (financial, technical), or are we just making excuses that allow cyber criminals to get away with their crimes?


3 Responses to “TechView: Web Security In The Web 2.0 Age”

  1. Larry Yatkowsky on 09 Jul 2008 at 9:23 am

    I submit:

    If you are going to do anything, anytime, anywhere on the web be clear in your understanding it will never ever be private again and lives beyond eternity.

    The “anything” will, somewhere and at some time, come back to benefit or haunt you and those near you, when you least expect it.

    I’ve never met a nice spider so to your point, yes most certainly yes, there are far too many wackos out there who are hell bent on destruction and pain.

    It is after all, a World Wide WEB!

  2. Rob Cottingham on 10 Jul 2008 at 9:35 am

    Great meeting you at the podcasting event, Jonathon!

  3. jnarvey on 10 Jul 2008 at 2:25 pm

    Much appreciated, Rob! I’ve been toying with the idea of starting my own podcast and I found your info really helpful. It’s impossible to keep up with every new tech device, so having someone who’s actually done this stuff go over a simple range of tools we COULD use is exactly what I need to get started. Looking forward to talking more with you at the next event. Cheers!
