
RSS, Atom Newsfeeds expose Bloggers to Hack Attack

Hack Attack! What next? CNET reports:

Attackers could insert malicious JavaScript in content that is transferred to subscribers of data feeds that use the popular RSS (Really Simple Syndication) or Atom formats, Bob Auger, a security engineer with Web security company SPI Dynamics, said Thursday in a presentation at the Black Hat security event here.

The problem doesn’t affect only blogs–any kind of information feed using any kind of format could potentially be used to transmit malicious content to a subscriber, Auger said. People, for example, subscribe to mailing lists and news Web sites via RSS, he said, noting “this is about the entire concept of Web feeds.”

Crikey! Maybe it’s time to chuck the JavaScript. But with the recent popularity of Ajax that probably won’t be happening within my lifetime.

You can of course turn off scripts in your browser, but then you would miss out on a lot of cool features blogs are designed for. So I don’t recommend that (except for the completely paranoid).

Perhaps the real problem is your favorite newsreader (aggregator):

Many of the popular feed reading applications are faulted because the designers have failed to add valuable security checks, Auger said. In particular, the applications should not allow JavaScript that is included in feeds to run. Instead, it should be filtered out, he said.

Additionally, some reader software on Windows systems uses Internet Explorer to display feed content, but doesn’t use basic security settings that isolate the content. Instead, the JavaScript is downloaded to the PC and has full access, which can fully expose a person’s PC, Auger said.

“A large percentage of the readers I tested had some kind of an issue,” he said. In his presentation, Auger listed Bloglines, RSS Reader, RSS Owl, Feed Demon, and Sharp Reader as vulnerable.

As protection, people could switch to a nonvulnerable reader. Also, feed publishers could ensure that their feeds don’t include malicious JavaScript or any script at all, Auger said. Some services, however, rely on JavaScript to deliver ads in feeds, he noted.

Are you listening Nick Bradbury?

I can say without any hesitation that your friendly Blog Bloke’s newsfeeds run no scripts, are sanitized and completely bug-free. All the more reason why you should sign up. Via CNET.


Written August 4th, 2006 | 1 Comment | Filed under: Blog Tips


    There is One Comment so far to “RSS, Atom Newsfeeds expose Bloggers to Hack Attack”

    1. What to do?
