Justice, Commerce warn of Web 2.0 and 3.0 security risks


Defense-in-depth protection for agency Web sites is the recommendation from Justice and Commerce department representatives who spoke during the FOSE 2008 Conference and Exposition about the dangers of targeted attacks.

'[The] Web is a collaboration method, but the benefits of collaboration will not be realized unless that collaboration is done securely,' said Michael Castagna, Commerce's chief information security officer.

'We must understand the promise and peril of technology,' he added. 'Criminal syndicates are targeting intellectual assets such as credit card data and personal information and then are selling that information.'

Castagna also spoke about Web 2.0 risks. He described the three components of Web 2.0 as service-oriented architecture, application program interfaces, and rich Internet applications that use technologies such as Flash, Really Simple Syndication, and Asynchronous JavaScript and Extensible Markup Language.

Web 2.0 is about the user experience, with an emphasis on user-contributed content. In Web 2.0, the Web has become the application, but in Web 3.0, the Web becomes a database. Castagna asserted that although Web 2.0 presents its own security risks, he is also looking ahead to Web 3.0 and the risks it might present. 'Web 3.0 will consist of a database of machine-to-machine content,' he said. 'Search moves from contextual to semantic where it is interactive and powerful and must be secured.'

Mischel Kwon, deputy director of IT security at Justice, spoke about the danger of the relatively new IFrame attacks.

An IFrame (short for inline frame) is an HTML element that makes it possible to embed another HTML source inside the main document. In an IFrame attack, malicious code injected into Web pages redirects visitors to third-party malware sites.

Despite the persistence of such attacks, Kwon acknowledged the power of Web applications. 'To be effectively used, Web applications require ease of access, connectivity to other applications and rich functionality,' she said. 'The last thing you want to do is inhibit it via security. You must balance security with mission necessity and do risk analysis to decide what risks we are willing to take to allow that rich functionality.'
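The IFrame injection described above can be checked for on the defender's side by auditing a site's own pages. The following is an added example, not part of the original article or the speakers' remarks: the heuristics (an off-site `src`, or a frame hidden by size or style), the function names, and the `.example` hostnames are assumptions chosen for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed heuristics: injected frames are usually off-site and/or invisible.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}

class IframeAuditor(HTMLParser):
    """Collects iframes that point off-site, are hidden, or both."""

    def __init__(self, page_host, allowed_hosts=()):
        super().__init__()
        self.trusted = {page_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        # Relative URLs have no hostname and count as same-site.
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        off_site = bool(host) and host not in self.trusted
        hidden = (a.get("width", "").lower() in TINY
                  or a.get("height", "").lower() in TINY
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        if off_site or hidden:
            line, _ = self.getpos()  # line where the <iframe> tag starts
            self.findings.append({"line": line, "src": a.get("src", ""),
                                  "off_site": off_site, "hidden": hidden})

def audit_iframes(html, page_host, allowed_hosts=()):
    """Return one finding per suspicious iframe in the given HTML."""
    auditor = IframeAuditor(page_host, allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page: one local frame, one approved partner frame,
# and one hidden frame pointing at an unknown third-party host.
SAMPLE_PAGE = """<html><body>
<h1>Agency news</h1>
<iframe src="/widgets/calendar.html" width="300" height="200"></iframe>
<iframe src="https://maps.partner.example/embed" width="400" height="300"></iframe>
<iframe src="http://malware-host.example/in.html" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in audit_iframes(SAMPLE_PAGE, "www.agency.example", ["maps.partner.example"]):
        print(f)
```

Run against stored copies of published pages, a check like this flags frames that were not part of the reviewed content; the allowlist keeps legitimate partner embeds from drowning out the result.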

About the Author

Dan Campbell is a freelance writer with Government Computer News and the president of Millennia Systems Inc.

