RSS Exposes Users to Attack

    August 4, 2006

ZDNet reports from the Black Hat conference in Las Vegas that security experts are increasingly concerned about the potential for malicious attacks perpetrated through web feeds.

SPI Dynamics examined a number of online and offline applications used to read RSS and Atom feeds. In many cases, any JavaScript code delivered on the feed would run on the user’s PC, meaning it could be vulnerable to attack…JavaScript is a scripting language that experts say is increasingly causing security concerns.

One wonders when news readers will start coming equipped with detection software. The article notes there are “non-vulnerable” readers, but doesn’t list them. Some that are vulnerable include Bloglines, RSS Reader, RSS Owl, Feed Demon and Sharp Reader

Yahoo! My Web | Furl

Bookmark WebProNews:

Shel Holtz is principal of Holtz Communication + Technology which focuses on helping organizations apply online communication capabilities to their strategic organizational communications.

As a professional communicator, Shel also writes the blog a shel of my former self.