SPOTLIGHT: Watching YouTube at your peril

A recent Georgia Tech Information Security Center report argues that as Web applications more interactive, "It also pushes more code execution onto the client browser." ''Attackers will continue to post malicious links as part of the user's everyday online activity--at the end of an instant messaging (IM) string, hidden in a YouTube video or embedded in an Excel spreadsheet,'' Paul Judge, Senior Vice President and Chief Technology Officer, Secure Computing, told the Business Standard. When browsing a Web 2.0 site, "the user's browser silently makes requests and communicates with the Web application in the background. This scenario gives hackers the opportunity to embed malicious code on an otherwise legitimate website, which the user's browser will automatically execute", explains the report. More