Computerworld referenced some research that I had done on
RSS Security in an article discussing
how RSS and other web based feeds can be used as deployment vectors for malware. For those of you reading this
entry coming from an RSS feed, no worries I haven’t owned you as it wouldn’t be in my interest :).
"Unfortunately, many of the applications that receive [feed] data do
not consider the security implications of using content from third
parties and unknowingly make themselves and their attached systems
susceptible to various forms of attack," Robert Auger, formerly of SPI
Dynamics, said in a white paper released last year.
As a result, the "potential for using Web-based feeds as an
exploit deployment vector for both known and zero-day exploits is
rather large," he said. The issue is amplified when a feed is
resyndicated to other sites. "The potential exposed user base could be
in the millions, making it an attractive method for worm deployment,"
Auger wrote.
One relatively easy way that hackers can take advantage of a
feed is to plant a comment containing malicious JavaScript on a blog
site that allows readers to leave comments. If the blog’s RSS feed is
set up to deliver comments as part of the feed, the malicious code gets
distributed to subscribers, Dickenson said. "
My Whitepaper: Feed Injection In Web 2.0: Hacking RSS and Atom Feed Implementations
My Blackhat Slides:
Zero Day Subscriptions: Using RSS and Atom Feeds As Attack Delivery Systems
Article Link: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=17&articleId=9011621
