Home » News » White Paper From Exploit Preve ...

News by JavaScriptSearch


White Paper From Exploit Prevention Labs Examines New Realities of Web 2.0 Security

 

JavaScriptSearch
Friday, December 22, 2006; 03:01 AM

Exploit Prevention Labs (http://www.explabs.com), a leading developer of safe surfing software that protects against phishing, social engineering, and other web-based exploits, today published a new paper exploring the new security risks accompanying the rise of Web 2.0. The white paper, entitled, "Securing Web 2.0: Why Security 1.0 is no Longer Enough," is available for download at http://www.explabs.com/about/resCenter/wp.asp.

"We've looked at how the popularity of Web 2.0 sites like MySpace and YouTube creates unintended security risks for users," said Roger Thompson, CTO and co-founder of Exploit Prevention Labs. "Unlike previous generations of Web applications, today's Web 2.0 applications are characterized by heavy reliance on user-generated content and cross-linking across multiple sites using IFRAMEs, RSS, and cross-site scripting. When users visit a trusted Web 2.0 site, their browser is pulling information, data and malware from many other sources, some of which may not be so trustworthy."

Amongst the topic covered are the nefarious techniques used by international cybercrime organizations to raid bank and brokerage accounts or steal usernames, passwords, account numbers and other personally identifiable information. Other techniques discussed include drive-by downloads that take advantage of known security vulnerabilities in common applications; ransomware that extorts payment from users at virtual gunpoint; social engineering and phishing scams; botnet recruitment, and identity theft.

By dissecting Web 2.0 security risks, the paper demonstrates that traditional security solutions such as anti-virus, anti-spyware, firewalls, and patch management -- while critical -- are woefully inadequate when it comes to protecting against today's threats. The paper calls instead for a fresh approach to Web 2.0 security that recognizes and leverages the collaborative nature of Web 2.0.

By harnessing the collective virtual eyes and ears of Web 2.0 users, next generation security solutions, such as those offered by Exploit Prevention Labs, will provide real-time threat monitoring and protection against dynamic Web 2.0 threats.

About the LinkScanner Family of Safe Surfing Software

Exploit Prevention Labs offers a complete family of safe surfing software to protect Internet users against malicious web sites, phishing, social engineering and other web-based exploits.

The LinkScanner family of safe surfing products includes LinkScanner Pro(TM), LinkScanner Lite(TM), and LinkScanner Online(TM). LinkScanner Pro (free 30-day evaluation: http://www.explabs.com/products/lspro_trial.asp), a $29.95 safe surfing Windows application, provides real-time, automatic protection against malicious web sites, drive-by downloads and other crimeware exploits.

LinkScanner Lite (http://www.explabs.com/products/lslite.asp) is a free application that provides Internet Explorer users with real-time scanning of Google, MSN and Yahoo search results for web-based threats, as well as on- demand scanning of individual links. Support for Firefox and other browsers and search engines is in development.

LinkScanner Online, available at http://linkscanner.explabs.com, is a free real-time online URL scanning service that lets users know whether any individual site they intend to visit has been poisoned by an exploit distribution network. LinkScanner Online supports all major web browsers and is freely available for incorporation into third-party websites. Interested webmasters can request the code through Exploit Prevention Labs' website at http://www.explabs.com/LinkScanner/MyLinkScanner/

About Exploit Prevention Labs

Founded by information security veterans Bob Bales and Roger Thompson in 2005, Exploit Prevention Labs develops the LinkScanner family of safe surfing software and services. LinkScanner Pro, LinkScanner Lite and LinkScanner Online provide patent-pending protection against malicious web sites and web- based exploits during the critical risk window between the announcement of a security vulnerability and the provision of a patch by the vendor. A Software Development Kit (SDK) is also available to enable third party vendors to incorporate Exploit Prevention Labs' technology in their own applications and services. More information about Exploit Prevention Labs and LinkScanner may be found on the company's website at http://www.explabs.com.

 

Advertisement

Partners

Related Resources

Other Resources

arrow