Unfortunately, the technologies that make Web 2.0 interactive are also responsible for the spread of more viruses and malware. The more multimedia the web experience becomes, the more familiar we all become with installing browser plug-ins and toolbars, drivers, widgets, and applets. “To view this content requires the latest version of Flash.” Or Shockwave, or any of the slew of other audio and video players out there. Using cool Web 2.0 applications like MMOGs often require you to install drivers and utilities. Many users are getting increasingly blasé about installing add-on applications—but we need to be more vigilant than ever about the source of such applications.
User-created content can pose risks to you, the site owner. It can also pose privacy and identity-theft risks to your users. Many shopping sites allow visitors to search for others’ wish lists by name or email address.
Unless sites take security precautions, scammers can bombard a wish-list search with known or manufactured email addresses, harvest a bunch of wish lists, and send personalized phishing scam emails promoting wished-for items.
Could your webcam be spying on you? In a blackmail scam, a man in Spain was arrested for unleashing a virus capable of taking over infected computers and cams to do just that.
It used to be (in the Web 1.0 world) that you were as safe as long as you didn’t launch any dubious executables or open any suspicious attachments.
But nowadays, malicious code can install itself in the background when you simply visit the wrong web page.
Here are a few Web 2.0 vulnerabilities:
- Malware web pages.
- Viruses spread among web-enabled cell phones.
- Hacking wireless networks and Bluetooth conversations.
What to Do?
My best advice for marketers and businesspeople is to be aware that Web 2.0 is afflicted with many of the “Wild West” qualities of Web 1.0—and they’re fancier and more interactive than ever.
Internet security is unlikely to be the direct responsibility of readers of this book. Governments, security software and antivirus companies, spam filter technologies, and IT departments everywhere have been battling these kinds of threats for over a decade, and their white hat efforts will continue.
The credit card companies introduced a stringent Payment Card Industry Data Security Standard (PCI for short) that will make things tougher for hackers. The PCI standard mandates firewall and antivirus software, and regularly updated virus definitions. It requires companies to strongly encrypt data, to restrict which of your employees have access to customer credit card data, and to assign a unique identifying number to employees with that access. In addition, it governs monitoring of who views and downloads data, and periodic security system checks.
Security experts predict increasing attacks on Mac hardware, thanks largely to the spread of iPods and iPhones. For now, though, most of these ills principally afflict PCs running Microsoft operating systems and applications. But it is prudent to consider that any new foray into wireless devices, mobile, and PDA will face some novel cybercrime angles of their own.
Here are just a few priorities to bear in mind:
- Comply with PCI standards.
- Engage with leading security firms like VeriSign and HackerSafe to ensure your website, its server, and database are protected from known vulnerabilities.
- If your website supports user-generated content, widgets, forums, etc., be certain that it accepts only text or very basic HTML—and refuses JavaScript and other executable code.
- Ensure credit cards authorize and settle before shipping any products. Investigate all credit card fraud, including the referring URL.
- Scrutinize how and where your affiliate partners appear. Carefully review their traffic, sales, and commissions. If sudden, large sales from a new partner seem too good to be true, they probably are.
- If you distribute your text ads across a content network, review your stats for large traffic flows that didn’t result in any sales. It could be click-fraud designed to line the pocket of a site owner.