Security

Security

The Web has become criminals' preferred pathway for spreading malware. Cybercrime carried out on the Web can include identity theft, fraud, espionage and intelligence gathering.^[51] Web-based vulnerabilities now outnumber traditional computer security concerns,^[52][53] and as measured by Google, about one in ten web pages may contain malicious code.^[54] Most Web-based attacks take place on legitimate websites, and most, as measured by Sophos, are hosted in the United States, China and Russia.^[55] The most common of all malware threats is SQL injection attacks against websites.^[56] Through HTML and URIs the Web was vulnerable to attacks like cross-site scripting (XSS) that came with the introduction of JavaScript^[57] and were exacerbated to some degree by Web 2.0 and Ajax web design that favors the use of scripts.^[58] Today by one estimate, 70% of all websites are open to XSS attacks on their users.^[59]
Proposed solutions vary to extremes. Large security vendors like McAfee already design governance and compliance suites to meet post-9/11 regulations,^[60] and some, like Finjan have recommended active real-time inspection of code and all content regardless of its source.^[51] Some have argued that for enterprise to see security as a business opportunity rather than a cost center,^[61] "ubiquitous, always-on digital rights management" enforced in the infrastructure by a handful of organizations must replace the hundreds of companies that today secure data and networks.^[62] Jonathan Zittrain has said users sharing responsibility for computing safety is far preferable to locking down the Internet.^[63]