08/08/06 Microsoft Team RSS Blog discusses more RSS Risks
The Microsoft guys started a blog entry regarding my talk at Black Hat/whitepaper.

"We designed and implemented the RSS features using the principles of the Secure Development Lifecycle as embraced by Microsoft. One of the principles is defense in depth. The idea being, even if script somehow were to sneak by the first layer of defense, the impact that the script could have is restricted, if not entirely negated."

For those of you reading this, I tested IE Beta 1, which at the time did execute script. I contacted Microsoft, who informed me the day before Beta 2 came out. Beta 2 addressed the issue before I even spoke to a Microsoft person about this, due to their process. Props to Microsoft for taking a proactive approach.

UPDATE: An article by TechWeb states I am a SPI Dynamics co-founder. This is completely incorrect. Caleb Sima, who was originally going to co-present with me, is a SPI Dynamics founder, not me.

Article Link: http://blogs.msdn.com/rssteam/archive/2006/08/07/691248.aspx
Copyright 2000-2007 Cgisecurity.com.