Pages

Tuesday, 1 August 2023

Security is World Wide Web Day focus

Concept connectivity image generated by Blue Willow. Glowing lines similar to electronic circuitry.
Concept connectivity image generated by Blue Willow.

August 1 marks World Wide Web Day. The Internet may seem ubiquitous today, with users spending more than 6.5 hours daily on average on the Internet according to WeAreSocial, but there was actually a time when it didn't exist. The software for the web was only released to the public in 1993, and offered with an open source licence in 1994.

"Most people would agree that the public release was the best thing we could have done, and that it was the source of the success of the World Wide Web,” said Walter Hoogland, CERN's Director of Research in 1993. “Apart from, of course, the World Wide Web itself!”

Hoogland, a co-signatory of the document that proclaimed the web’s release, made the statement in a CERN annnouncement on 30 April 2023, the 30th anniversary of CERN's release. The web continues to evolve. The World Wide Web Consortium (W3C) drafted its vision* for the web as recently as July 2023:

  • The web is for all humanity.
  • The web is designed for the good of its users.
  • The web must be safe for its users.
  • There is one interoperable world-wide web.

The W3C Consortium also highlighted challenges with web security in July. An analysis of a Mozilla Developer Network (MDN) survey from the programme committee of the W3C Secure the Web Forward Workshop found that on average, 60% of developers rated the security aspects as 'somewhat challenging' or 'very challenging'. In contrast, 17% of developers rated them as 'easy' or 'very easy'.

"It's evident from this that we have a problem. There is a substantial need for enhanced education, tools, and best practices to assist developers with security issues across the board," said Daniel Appelquist, Open Source & Open Standards Strategy Director, Snyk, in a W3C Consortium blog post.

Appelquist, who is also Co-Founder and a Governing Committee Member for Open Web Docs, shared that survey respondents said detecting security vulnerabilities was highlighted as the most challenging aspect, followed by understanding security threats and then the "intricacy of understanding the web browser's security model". "One thing is clear: if we want to address these challenges we need to do so holistically. That means we need to get people talking to each other across silos," Appelquist concluded.

Industry observers have also highlighted web security. Check Point Research (CPR) shared in January 2023 that the number of global cyberattacks had increased by 38% in 2022 compared to 2021. “The Internet is undoubtedly a fundamental part of our lives, and it is part of the daily routine of millions of users and companies worldwide. However, despite continuous use, bad practices concerning cybersecurity are still present, especially here in Singapore, where we are seeing organisations being attacked on average 1,237 times in the last 6 months,” said Rebecca Law, Country Manager, Singapore, Check Point Software Technologies.

“Online security starts with users themselves. Therefore, it is essential that we become more aware of our actions and the inherent dangers when browsing the web.”

“On this World Wide Web Day, it’s important to recognise the significant strides made in web browser security. Towards the earlier part of this century, browsers were problematic, as flaws in Microsoft Internet Explorer, the most popular browser at the time, as well as browser plug-ins like Microsoft ActiveX and Adobe Flash, provided attackers with reliable entry points onto the systems of Internet users," said Satnam Narang, Senior Staff Research Engineer, Tenable.

Narang noted that improvements in technology such as sandboxing, which isolates the ability to access the underlying system, have driven cybercriminals to "broadly pivot away from web browsers as a primary threat vector". "That said, advanced persistent threat (APT) groups remain determined to find what is known as vulnerability chains, which pair two or more vulnerabilities, to escape browser sandboxes and reach the underlying system. These APT groups aren’t interested in targeting the average consumer.

"While web browsers were the de facto way of accessing the world wide web, the evolution of mobile phones has also evolved how we interact with the web, primarily through the use of apps. Now, threat actors may develop malicious apps and post them on official and unofficial app stores, which can enable them to financially benefit from their victims by signing them up for premium services or stealing sensitive information from their devices.”

CPR's advice to Internet users includes:

- Not clicking on unknown links

- Use strong and unique passwords

- Enable two-factor authentication (2FA)

- Be careful downloading attachments from unknown sources

- Avoiding public and unprotected WiFi networks

- Visiting websites that have an SSL certificate. A quick way to recognise secure websites, CPR said, is by checking the URL, which should include 'https://' at the beginning.

- Education in basic digital hygiene practices

Explore

View the document that officially put the World Wide Web into the public domain on 30 April 1993 at https://cds.cern.ch/record/1164399/.

CERN's Web30 website is at https://web30.web.cern.ch/web-history.html

*Vision for W3C, W3C Group Draft Note, 25 July 2023. This is a work in progress. Please check for the latest version at https://www.w3.org/news/2023/draft-note-vision-for-w3c/.

at

No comments:

Post a Comment