Security in web services: an evolving threat model

Tuesday, 21 May 2002, 7:02 AM EST

Udi Manber, chief scientist at Yahoo!, apprised security researchers at the IEEE's Symposium on Security and Privacy about attacks likely to become commonplace in the emerging era of large-scale, distributed web services. "The kind of attacks that we're seeing are not a traditional security attack," he warned. The threat to web services is not about something like root access; it's more about repeated violations and exploitations of the service - small cheats and hacks that are individually insignificant, but a huge problem in the aggregate.

Spam is an example of this kind of hack. A web-based e-mail service does not suffer if one of its accounts is used for mass-mailing. When tens of thousands of accounts are abused in this way, the service can be brought to its knees. Manber calls this the "penny jar" effect, likening it to a thief who comes to a cash register and empties the penny dish every five minutes. The pennies are meant to be given away, and each instance of the loss is trivial; but if the theft continues unchecked, the service will be destroyed.

[ Read more ]




Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //