Web exploits to target World Cup 2010
By Asavin Wattanajantra,
Security vendor Symantechas warned that the next World Cup will see a big increase in website exploits as a bigger threat than traditional scam emails.
Senior security threat researcher Candid Wüest said that scamming and phishing emails, although still a problem, was part of the “old days”.
The World Cup in South Africa is going to be targeted through web 2.0 technologies such as interactive internet web pages, which offer services like streaming media which could offer goals or background information.
“People are going to expect richer media experiences on web pages, but this is going to make it more vulnerable to attacks,” Wüest said.
He quoted Symantec figures that saw that 65 per cent of all vulnerabilities found in 2008 targeted web applications.
Attacks like cross-site scripting attacks could be used which could allow attackers to place false information on a legitimate web page.
“A user could believe that this is the final score of a match which is actually still going on," he said.
“They could enter information to re-sign in and could give a password. But its not going to be sent to the web page – it’s going to be sent to the attacker, and once again he will have access to your private information.”
Symantec quoted a figure of 97 per cent of these vulnerabilities being left open, as programmers often don’t have time to repair them or feel they aren’t important.
“The website has a database of all the information that is entered, so it could be that for 2010 you need to fill in an application to get a ticket, and this information will be stored somewhere," Wüest said.
“A clever attacker can access all this information and retain it, which is quite bad for you and your image.”
The European Championship in 2008 was also targeted by drive-by attacks, where an official web page was compromised.
“Every time a user used that web page, it checked which browser and version of it you used, and redirected to a specific exploit targeting a hole in exactly that browser,” said Wüest.
He added: "Once the hole was found, it was downloading a trojan directly to your laptop or computer silently in the background. It just happens because there is a vulnerability in your browser."
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- Apple iPad 3 vs iPad 2 head-to-head review
- Dell EqualLogic PS6100XS review
- Chromebooks: What's gone wrong?
- ICO: Fines for cookie law breakers
- UK regulator shuts down Angry Birds scam
- Open source software driving cloud-based innovation
- Fujitsu targets enterprises with Android ICS tablet
- IBM bans use of Siri on iPhones
- Dell PowerEdge R820 review
- BlackBerry 7 OS certified to carry 'Restricted' UK government information
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
