/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsINDIA: It is fair to say that the use of Web 2.0 is exploding. However, its full impact is still not well understood, and perhaps even the term itself is not clear. So, before we go any further lets define what it means. When I refer to Web 2.0, I am primarily speaking about websites that allow user-generated content.
User-generated content changes everything on the web. Virtually, anyonefriend or foecan create content, edit HTML directly, upload files, and distribute content which could equally be of value or deliberately malicious in nature. Blogging, commenting, social networking and similar methods of information exchange collectively form a significant and widely used segment of the Web 2.0 space and has many uses both socially and from a business point of view.
In the case of the Obama campaign site, the site was designed specifically for voters and community organizers to spread the word and interact with more potential voters and influencers. To do this, they allowed users to create blogs that could have any content on them. There was nothing that could stop someone from posting a comment in a blog that looked like it should be there (related somehow to the blog post), yet linked to a site hosting malware. Websense found that hackers did just this by creating blogs on this site specifically designed to spread information stealing malware.
In the past, we have also found malicious code on sites such as Myspace, Facebook, and Google. We have even seen sites that use Googles Doubleclick ad network hosting advertisements linking to malicious code. The key point I am trying to make here is called web reputation. You would think that Facebook, Google, and MyBarackObama.com all have good web reputationscores that security companies gives to sites for being trustedand you are right. The problem is that good reputation can go out of the window with just one piece of malicious user-generated content or hidden code.
For full article click: http://dqindia.www.ciol.com/content/security/2009/109052110.asp