Web services not a draw for virus writers, yet
Given recent history, are Web services the logical next target for virus writers?
The jury is still out on the matter. When asked at a recent financial services
industry Web services conference whether there have been any documented reports
of Web services virus or malware attacks, replies from conference goers ranged
from “none that have been made public” to claims that actual threats
have been identified in the labs.
The threat of malware and viruses in Web services is essentially a case of
old wine in new bottles, according to Ray Wagner, Gartner Group’s research
vice president for information security. “You have the same vulnerabilities,
but there’s a new hole to exploit.”
For one thing, there is the psychology of virus writers, whose egos are fed
by their ability to disrupt the lives of tens of millions of Windows users,
rather than a few obscure Web services servers. On the other hand, as the financial
value of transactions conducted via Web services increases, it could prove an
attractive draw for criminals who are driven by economic motives. “I’m
not convinced there will be major epidemics,” Wagner says, adding that
it would take inside knowledge of highly complex transaction systems to mount
an effective financial shakedown attack. Further, he expects perimeter defenses
eventually will be able to inspect HTTP and SOAP messages.
Back to feature: Web Services:
Careful, It’s a Circus Out There...
Tony Baer is principal with onStrategies, a New York-based consulting firm, and editor of Computer Finance, a monthly journal on IT economics. He can be reached via
e-mail at [email protected].