Hidden dangers of RSS
An August 3rd article from GCN features remarks made by Robert Auger, Security Engineer with Atlanta-based SPI Dynamics, on security risks posed by RSS technology.
Such risks may occur, for example, when an RSS feed picks up comments left by readers on the website the feed is associated with: the readers may include malicious code in their posts, expecting those comments to get forwarded. The problem is exacerbated by news aggregation software (NewsGator, Google Reader, etc.) that brings together multiple feeds.
One factor behind these risks is that although data delivered by RSS feeds originates remotely, many RSS clients display the data as if it were trusted local material.
A critical defense mechanism here can be input validation - that is, readers need to "sanitize" content before it is displayed. As Auger notes,
"Users could disable JavaScript on some client software and browsers, but there are some things you can do with HTML, so just disabling scripting is not enough."
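A minimal sketch of the sanitizing step described above, added here as an illustration (it is not code from the GCN article or from Auger): the reader rebuilds each item's HTML from an allowlist, so script is removed along with any other markup not on the list, which is the point of the remark that disabling scripting alone is not enough. The tag list, the name `sanitize_feed_html` and the sample input are assumptions of this example.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for this example: a short allowlist of formatting tags.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "blockquote", "a"}
DROP_CONTENT = {"script", "style"}  # the text inside these is discarded too
SAFE_SCHEMES = {"http", "https"}
# Constructed sample of a reader comment carried in a feed item.
SAMPLE = '<p>Nice post</p><script>alert(1)</script><a href="javascript:alert(1)" onclick="x()">link</a>'

class FeedSanitizer(HTMLParser):
    """Rebuilds feed markup from the allowlist; anything else is dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
        elif self.skip_depth == 0 and tag in ALLOWED_TAGS:
            self.out.append("<" + tag + self._href(tag, attrs) + ">")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif self.skip_depth == 0 and tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</" + tag + ">")

    def handle_data(self, data):
        if self.skip_depth == 0:
            self.out.append(escape(data))  # text is always re-escaped

    @staticmethod
    def _href(tag, attrs):
        # Every attribute is dropped except an http(s) href on <a>.
        for name, value in attrs:
            if tag == "a" and name == "href" and value:
                try:
                    scheme = urlsplit(value.strip()).scheme.lower()
                except ValueError:
                    continue
                if scheme in SAFE_SCHEMES:
                    return ' href="%s" rel="noopener noreferrer"' % escape(value.strip())
        return ""

def sanitize_feed_html(fragment):
    parser = FeedSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)
```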
