This blog is dedicated to revealing and destroying all forms of Malware: SPAM, VIRUS, Adware, Spyware.
Copyright 2005 Randy Charles Morin
Part of the KBCafe blog network
Destroy all Malware
Tue, 08 Aug 2006 21:03:02 GMT
Blog feeds may carry security risk

Joris Evers: Reading blogs via popular RSS or Atom feeds may expose computer users to hacker attacks, a security expert warns.

http://news.zdnet.com/2100-1009_22-6102171.html?tag=nl.e589

Randy: OK, this seems a little naive. Javascript in RSS shouldn't create any more vulnerabilities than Javascript in HTML. Sounds like a lot of fear mongering. In particular, this security expert mentions Bloglines as a particularly vulnerable RSS reader. Since Bloglines runs in a browser, I cannot see how this presents any more vulnerabilities than having visited the malicious website via a Web browser in the first place. In addition, the security expert says "some reader software on Windows systems uses Internet Explorer to display feed content, but doesn't use basic security settings that isolate the content". I'm not gonna pretend to be an IE security expert, but can anyone confirm that reading a feed via the Internet Explorer ActiveX control presents any more risk than reading the equivalent HTML in IE?

Thanks to Scott Kingery for the play tag with me link.

Reader Comments
Nick Bradbury has some good info about FeedDemon, which uses the IE ActiveX control: http://nick.typepad.com/blog/2006/08/feed_security_a.html
--SterlingCamden

The major additional risk - as I understand it - is that creating a disk file and displaying it as a web page using the IE ActiveX control means that the page is executed in the local zone and not the remote zone, opening up possibilities that do not exist in normal web pages.

Microsoft offers no way to use a different zone - unless anyone knows otherwise - so Agg authors either ignore the problem or try to eliminate potential attacks. That's why some of your posts that contain script tags do not appear as you intended in my and some other Aggs.

Fortunately, the issue is not as bad as it is for the web in general because we can easily identify the author of most posts - and we know them to be benign. The risk increases with syndicated feeds, however, so I try to avoid them.

Andy Henderson
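
The mitigation Andy's comment describes (an aggregator removing script-bearing markup from feed items before handing the HTML to the embedded IE control), written out as an added Python example. This is not code from this blog, from FeedDemon or from any other aggregator; the class and function names, the sanitizer rules and the sample feed item are constructed for the example. One element goes beyond the comment: the `MARK_OF_THE_WEB` prefix is Internet Explorer's "Mark of the Web" comment, which makes IE render an HTML file opened from disk as Internet-zone content rather than Local Machine-zone content. Whether any particular aggregator writes it is an assumption here, not something the page states.

```python
"""Feed-item sanitizer for an aggregator that renders items through an
embedded browser control.  Added example; constructed sample input."""
from html import escape
from html.parser import HTMLParser

# Elements dropped together with everything inside them (active content).
DROP_CONTAINER = {"script", "iframe", "object", "applet", "style"}
# Active elements that have no closing tag: drop the tag itself only.
DROP_VOID = {"embed", "link", "meta", "base"}
# Harmless void elements that must not get a closing tag emitted.
VOID_ELEMENTS = {"br", "img", "hr"}
# Attributes that carry a URL; their scheme is checked.
URL_ATTRS = {"href", "src"}
UNSAFE_SCHEMES = ("javascript:", "vbscript:", "data:")  # data: dropped conservatively

# Assumption beyond the page: Internet Explorer's "Mark of the Web" comment.
# When it heads a file opened from disk, IE treats the page as Internet-zone
# content instead of Local Machine-zone content.  "(0014)" is len("about:internet").
MARK_OF_THE_WEB = "<!-- saved from url=(0014)about:internet -->\n"


class FeedHTMLSanitizer(HTMLParser):
    """Allow ordinary markup by default, deny anything that can run script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.drop_depth = 0  # > 0 while inside a DROP_CONTAINER element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_VOID:
            return
        if tag in DROP_CONTAINER:
            self.drop_depth += 1
            return
        if self.drop_depth:
            return
        kept = []
        for name, value in attrs:
            if name.startswith("on") or name == "style":
                continue  # event handlers; style can carry IE's CSS expression()
            if name in URL_ATTRS and value is not None:
                # collapse whitespace and case before the scheme check
                scheme_probe = "".join(value.split()).lower()
                if scheme_probe.startswith(UNSAFE_SCHEMES):
                    continue
            kept.append((name, value or ""))
        attr_text = "".join(f' {n}="{escape(v, quote=True)}"' for n, v in kept)
        self.out.append(f"<{tag}{attr_text}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTAINER:
            if self.drop_depth:
                self.drop_depth -= 1
            return
        if tag in DROP_VOID or tag in VOID_ELEMENTS or self.drop_depth:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.drop_depth:
            # entities were decoded on input; re-escape so text stays text
            self.out.append(escape(data, quote=False))

    def result(self):
        return "".join(self.out)


def sanitize_feed_html(fragment):
    """Return the feed item's HTML with script-bearing constructs removed."""
    parser = FeedHTMLSanitizer()
    parser.feed(fragment)
    parser.close()
    return parser.result()


def render_to_disk_file(title, fragment):
    """Build the page an aggregator would write to disk for the IE control:
    sanitized body, Mark of the Web in front (assumed, see above)."""
    return (
        MARK_OF_THE_WEB
        + "<html><head><title>" + escape(title) + "</title></head>"
        + "<body>" + sanitize_feed_html(fragment) + "</body></html>"
    )


# Constructed sample item mixing ordinary markup with script-bearing constructs.
SAMPLE_ITEM = (
    '<p onmouseover="run()">Hello <b>world</b></p>'
    '<script>run()</script>'
    '<a href="java\tscript:run()">click</a>'
    '<a href="http://example.com/">ok</a>'
    '<img src="http://example.com/a.png" onerror="run()"><br/>'
)

if __name__ == "__main__":
    print(sanitize_feed_html(SAMPLE_ITEM))
    print(render_to_disk_file("Sample item", SAMPLE_ITEM))
```

Run as a script it prints the sanitized item (`<p>Hello <b>world</b></p><a>click</a><a href="http://example.com/">ok</a><img src="http://example.com/a.png"><br>`) and the full disk-file page. The sanitizer is deliberately strict: a `<script>` or `<iframe>` that is never closed drops the rest of the item rather than letting it through, and the scheme check collapses whitespace so a `java<tab>script:` URL is treated like a plain `javascript:` one. This is the trade-off Andy mentions, where posts containing script tags "do not appear as you intended" in an aggregator that strips them.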
