Web-based Widgets Vulnerable to Attacks

California-based Finjan Inc. released a recent finding that pointed to computers' vulnerability to security attacks because of Web-based Widgets. Described as small applications, Widgets run on the desktop or in an active browser and perform a specific utility such as stock updates or weather reports.

The Malicious Code Research Center at Finjan indicated in its Web Security Trends Report that the commonly used Widget function running on Websites have embedded code that criminals and hackers could conveniently exploit. According to company officials, there is inadequate security in all varieties of widget environment. The research further added that more attacks manipulating widgets would be seen soon. United Press International published this in news on 11 September 2007.

With the growth in popularity of widgets in almost all company environments ranging from Web portals to operating systems, their importance has risen significantly from security point of view, said Yuval Ben-Itzhak, Chief Technical Officer at Finjan. United Press International published Ben-Itzhak's statement on 11 September 2007.

Since 3,720 widgets are already available on Google, 3,959 on social security site Facebook and 3,197 on a computer by Apple, it highlights the possible extent of the problem.

Vulnerabilities in gadgets and widgets help attackers to acquire control of others' computers, so their development should be made with full security in mind. This attack medium is likely to make a profound impact on the IT industry and immediately introducing the industry to new security considerations that are supposed to be dealt with. Organizations need security solutions that would be able to cope with new environments as well as detect and analyze malicious code so that sufficient protection may be taken. United Press International published this on 11 September 2007.

Finjan advised users to avoid unknown third-party widgets in the same manner they would act with full-sized applications. Extra caution is also necessary at the time of using interactive widgets whose function depends on external feeds like RSS that could be vulnerable to attacks that take advantage of the trust by placing a malicious code on the data.

Based on Finjan's findings, Yahoo and Microsoft are now set to issue patches and security advisories among their security declarations to improve user protection.

Related article: Web Browsers Too Have Security Exploits

» SPAMfighter News - 10/4/2007