An article yesterday on the DarkReading security website, entitled "Researchers Hack IP Video" highlights a different angle to the risks of third-party content integration, discussed in my recent post: Integrating third-party content into your website: four ways to manage the risks.
According to the report, at DefCon last week researchers showed how IP video transmissions can be hacked using an ARP poisoning/man-in-the middle attack. The research identifies the risks of insecure IP video transmissions, claiming that apparently only 5% of organisations "secure their IP video communications with encryption or other measures".
From our perspective, the issue that this highlights is the risk of third-party content integration via video streaming. At the conference, the researchers used an open source tool, VideoJak, to intercept a video stream and replace it "with a malicious or phony video payload".
Therefore, the point to be recognised here is that we need to consider not just the security of the originating data source, but also the encryption measures that secure the data transmission.