I will be giving a talk at Blackhat this year entitled "Zero Day Subscriptions: Using RSS and Atom feeds As Attack Delivery Systems". I'll also
be available at the 'Web Application Security Consortium' Meet-up for those who want to chat.
This presentation will discuss the use of RSS and Atom feeds as a method
of delivering exploits to client systems. In our research we have found
a number of RSS clients, both local and web-based, that are far too
trusting of the content that is delivered via feeds. Although this
content arrives as well-formed XML, fundamentally it originated as user
input elsewhere. Like any such data, it can contain malicious and
malformed content, yet many clients fail to guard against it. And
though such content by definition originates remotely, many clients
render it in a display context that grants it the trust of locally
originated content.
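As an added illustration (not code from the talk, nor from any feed reader it examined), the Python script below parses a constructed Atom feed, shows the page a too-trusting client builds by dropping entry content straight into its display, and contrasts it with a client that rejects malformed XML and passes `type="html"` content through an allowlist sanitizer before display. The sample feed, the allowlisted tags and attributes, and all helper names are this example's own choices.

```python
import html
import xml.etree.ElementTree as ET
from collections import namedtuple
from html.parser import HTMLParser

ATOM_NS = "{http://www.w3.org/2005/Atom}"

# Constructed sample feed for this example: the second entry carries an
# event-handler attribute and an inline script inside its escaped HTML content.
SAMPLE_FEED = """<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom">
  <title>Example feed</title>
  <entry><title>Benign post</title>
    <content type="html">&lt;p&gt;Hello &amp;amp; welcome&lt;/p&gt;</content></entry>
  <entry><title>Hostile post</title>
    <content type="html">&lt;img src=x onerror="alert(document.cookie)"&gt;&lt;script&gt;fetch('file:///etc/passwd')&lt;/script&gt;</content></entry>
</feed>
"""

Entry = namedtuple("Entry", "title content_type content")  # content_type: Atom "text" or "html"


def parse_entries(xml_text):
    """Extract entries from an Atom feed or RSS 2.0 channel; malformed XML is rejected, not guessed at."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"rejecting malformed feed: {exc}") from exc
    entries = []
    if root.tag == ATOM_NS + "feed":
        for e in root.findall(ATOM_NS + "entry"):
            c = e.find(ATOM_NS + "content")
            ctype = (c.get("type") if c is not None else None) or "text"
            body = (c.text if c is not None else None) or ""
            entries.append(Entry(e.findtext(ATOM_NS + "title", default=""), ctype, body))
    elif root.tag == "rss":  # RSS 2.0 <description> is HTML by convention
        for item in root.iter("item"):
            entries.append(Entry(item.findtext("title", default=""), "html", item.findtext("description", default="")))
    else:
        raise ValueError(f"unsupported feed root {root.tag!r}")
    return entries


ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "br", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}


class _AllowlistSanitizer(HTMLParser):
    """Rebuilds an HTML fragment, keeping only allowlisted tags/attributes and escaping all text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped, self._open, self._suppress = [], [], [], 0

    def handle_starttag(self, tag, attrs):
        if self._suppress:
            return
        if tag in DROP_WITH_CONTENT:          # swallow the element and everything inside it
            self._suppress += 1
            self.dropped.append((tag, "active content"))
            return
        if tag not in ALLOWED_TAGS:
            self.dropped.append((tag, "tag not allowlisted"))
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_ATTRS.get(tag, set()):   # drops every on* handler
                self.dropped.append((f"{tag}@{name}", "attribute not allowlisted"))
            elif name == "href" and not value.strip().lower().startswith(("http://", "https://")):
                self.dropped.append((f"{tag}@href", "non-http scheme"))
            else:
                kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag != "br":
            self._open.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self._suppress = max(0, self._suppress - 1)
        elif not self._suppress and tag in self._open:
            while self._open:                 # also closes tags left open inside this one
                t = self._open.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break

    def handle_data(self, data):
        if not self._suppress:
            self.out.append(html.escape(data))

    def result(self):
        self.close()
        while self._open:                     # close whatever the feed left unbalanced
            self.out.append(f"</{self._open.pop()}>")
        return "".join(self.out)


def sanitize_html(fragment):
    p = _AllowlistSanitizer()
    p.feed(fragment)
    return p.result()


def render_naive(entry):
    """What a too-trusting client does: feed HTML goes straight into the page it displays."""
    return f"<h2>{entry.title}</h2>\n<div>{entry.content}</div>"


def render_safe(entry):
    body = sanitize_html(entry.content) if entry.content_type == "html" else html.escape(entry.content)
    return f"<h2>{html.escape(entry.title)}</h2>\n<div>{body}</div>"


if __name__ == "__main__":
    for entry in parse_entries(SAMPLE_FEED):
        print("NAIVE:", render_naive(entry), "\nSAFE: ", render_safe(entry), "\n")
```

Two caveats apply if this is adapted for real use. The sanitizer runs on the decoded content, so a client must also decide where the result is displayed: a sanitized fragment written into a page that runs with local-file or privileged-zone trust still inherits that trust. And `xml.etree` will still expand internal entity definitions, so a feed parser facing hostile input should be wrapped with something like `defusedxml` or have DTD handling disabled.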