August 4, 2006 3:52 AM PDT
Blog feeds may carry security risk
The problem doesn't affect only blogs--any kind of information feed using any kind of format could potentially be used to transmit malicious content to a subscriber, Auger said. People, for example, subscribe to mailing lists and news Web sites via RSS, he said, noting "this is about the entire concept of Web feeds."
Also, attackers could send malicious code to mailing lists that offer RSS or Atom feeds and commandeer vulnerable systems that way, Auger said. Feeds are popular because they let people consolidate information streams from multiple sites, such as blogs, in one application, called a feed reader, removing the need to surf to multiple sites.
"A large percentage of the readers I tested had some kind of an issue," he said. In his presentation, Auger listed Bloglines, RSS Reader, RSS Owl, Feed Demon, and Sharp Reader as vulnerable.
3 commentsJoin the conversation! Add your comment