« Security expert: Make vendors liable for bad code | Main | Automated Scanners vs. Low-Hanging Fruit »

Read RSS and get hacked

Computerworld referenced some research that I had done on RSS Security in an article discussing how RSS and other web based feeds can be used as deployment vectors for malware. For those of you reading this entry coming from an RSS feed, no worries I haven't owned you as it wouldn't be in my interest :).

"Unfortunately, many of the applications that receive [feed] data do not consider the security implications of using content from third parties and unknowingly make themselves and their attached systems susceptible to various forms of attack," Robert Auger, formerly of SPI Dynamics, said in a white paper released last year.

As a result, the "potential for using Web-based feeds as an exploit deployment vector for both known and zero-day exploits is rather large," he said. The issue is amplified when a feed is resyndicated to other sites. "The potential exposed user base could be in the millions, making it an attractive method for worm deployment," Auger wrote.

One relatively easy way that hackers can take advantage of a feed is to plant a comment containing malicious JavaScript on a blog site that allows readers to leave comments. If the blog's RSS feed is set up to deliver comments as part of the feed, the malicious code gets distributed to subscribers, Dickenson said. "

My Whitepaper: Feed Injection In Web 2.0: Hacking RSS and Atom Feed Implementations
My Blackhat Slides: Zero Day Subscriptions: Using RSS and Atom Feeds As Attack Delivery Systems
Article Link: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=17&articleId=9011621


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!