Chapell & Associates

Tuesday, June 27, 2006

Web Services Increasingly Under Attack

SF Gate - June 23, 2006
As more people turn to Web applications for everyday tasks like e-mail, friendship and payments, cyber criminals are following them in search of bank account details and other valuable data, security researchers said.

Users of Yahoo Inc.'s e-mail service, Google Inc.'s Orkut social networking site and eBay Inc.'s PayPal online payment service were among the targets of attacks in recent weeks. All three companies have acknowledged and plugged the security holes.

The Chapell View
We probably shouldn't be terribly surprised that online applications are beginning to become the target of hacking or other malicious attacks. These applications are being increasingly used - webmail, messaging, online office applications (not to mention social networking) are all getting increased traffic. And as the author of this AP story notes, a lot of the security issues with operating systems and desktop applications have been fixed by Microsoft and others.

What goes unmentioned in this story, though, is the increased data collection that often goes along with web-based applications. Why is this relevant? In part, because of the struggle for consumer eyeballs. Marketers have found that online applications are a great place to serve advertisements, and this is how many online applications are monetized.

Take the many web-based services offered by search engines. Google Desktop Search, for example, uploads copies of desktop files to Google's servers in order to create a better search index. Now, Google theoretically can put this data to use when serving advertisements on its search engine (and most search engines, including Yahoo!, MSN, and others are all at least testing "personalized" search results).

But this transfer of data from the desktop to business servers underlines
a couple of possible risks. First, more data is available to hackers on company servers - and according to the AP, this is where they're increasingly looking for it. Second, as the line between desktop and browser continues to blur (and it's getting pretty fuzzy), the number of exploitable flaws may increase. I'm no security expert, but it seems like the more connections in place between a company server and a consumer desktop, the more places there are for a hacker to get in. Correct me if I'm wrong, though.

As more online applications emerge, I think many business models are going to depend on advertising in some regard - and may draw on and store desktop data as well. Think about Windows Live. Microsoft's suite of online applications and office tools (currently in Beta) has already begun serving MSN ads, and certainly gives users the ability to share or upload data.

Microsoft has said it plans to publish its privacy standards come August - and this may be just the time to do so. As more and more of lives shift toward a web-based model, and more data is increasingly traded between consumer and company machines, I do think there are going to be increased privacy concerns.
posted by Isaac on Tuesday, June 27, 2006

© 2005 by Alan Chapell & Associates LLC