- Protecting yourself from a new online scam
- Diary of a deliberately spammed housewife
- Silly Internet traditions: A concise history
- How to avoid laptop loss at the airport
- Top 10 worst uses for Windows
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Samy Kamkar was really just trying to impress girls. Instead he made Web hacking history.
Kamkar created what is considered the first Web 2.0 worm -- a virulent bug that could not be blocked by a firewall, and which ultimately forced the owners of MySpace.com to temporarily shut down the site. The Samy worm was just the more prominent of a new generation of Web attacks that some security experts fear may slow down the fast-evolving collaborative model of Internet development known as Web 2.0.
The Samy worm popped up in late 2005. Kamkar says he discovered it while looking for a way to get around the Web site's content posting restrictions and add code that would jazz up the look of his MySpace profile. By taking advantage of a bug in the way the Web site code was written, he was essentially able to control the browser of anyone who visited his profile.
"A Chipolte burrito bol and a few clicks," after discovering the vulnerability Kamkar managed to create the fastest-spreading Web-based worm of all time. Within 20 hours, the worm had spread to nearly 1 million MySpace.com users, forcing them to select Kamkar as their "hero," in their profile page. News Corp. was eventually forced to shutter MySpace in order to fix the problem, and Kamkar eventually got three years probation in Los Angeles Superior court.
Unlike the MyDoom and Sobig worms of years past, which clobbered systems and caused days of technical problems for system administrators, Kamkar's worm didn't do anything to harm MySpace users' computers. And once MySpace fixed the problem, it was fixed globally.
To security experts like Robert Hansen, the CEO of Web security consultancy Sectheory.com, the Samy worm is an example of the kind unexpected consequences that can arise when Web site operators let users become contributors to their Web properties.
Hansen, and a group of like-minded white-hat researchers, believe that we're only beginning to see what can go wrong when the security of the new generation of collaborative, Web 2.0 applications gets tested.
They believe that without a radical change to the way that browsers interact with the Web, the Web 2.0 security problem will only get worse.
From the start, desktops and Web servers were simply not designed to work together in a secure fashion. And as Web 2.0 pushes these machines to do more and more exciting things that lie far from their academic, electronic publishing roots, the strain is beginning to show, according to Hansen, who also maintains a Web site that serves as a discussion forum for the latest Web attacks.
The Diane's of the industry should be acknowledged for their understanding of why products fail when...- Anon
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Comments (1)
As Web 2.0 evolves, security becomes an issueBy Anonymous on June 19, 2007, 5:50 amRegarding Barrett's comment on the need to evaluate web standards; interesting and potentially significant research is being conducted by IBM Research regarding...
Reply | Read entire comment
View all comments