RSS Syndicates Malware, Too
Really Simple Syndication (RSS) has been growing increasingly popular as a standard for many Web sites and blogs, as it gives users access to content from other sites without having to visit them. However, RSS is also a conduit for hackers to send malicious code. People have been rushing to adopt RSS, and in their haste are not employing proper security procedures. RSS can be used to launch cross-site scripting (XSS), cross-site request forgery (CSRF), and various other Web-based attacks. XSS attacks on RSS are more complicated than a standard Web-based XSS attack, but can still exploit vulnerabilities in RSS readers that allow remote execution of JavaScript. An attacker could also post an XSS attack on a site he blindly feeds through RSS streams, knowing it would get picked up. Experts say that to protect against RSS attacks, users should only read RSS feeds in readers that won't allow remote execution of JavaScript.
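As an added illustration (not code from the article), the sketch below shows how a feed reader can keep item markup from executing script: titles are escaped as text and descriptions are rebuilt from a tag allowlist. The names `safe_href`, `FeedSanitizer`, `render_feed` and the sample feed are hypothetical and constructed here; the standard-library XML parser is used for brevity, on the assumption that a real reader would put a hardened XML parser in front of untrusted feeds.

```python
import html
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED = {"p", "b", "i", "em", "strong", "ul", "ol", "li", "br", "a"}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object"}

def safe_href(value):
    try:
        scheme = urlsplit((value or "").strip()).scheme.lower()
    except ValueError:
        return None
    return value.strip() if scheme in ("http", "https") else None  # no javascript:, data:

class FeedSanitizer(HTMLParser):
    """Rebuild item HTML from an allowlist; only a safe href attribute is ever copied."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED:
            href = safe_href(dict(attrs).get("href")) if tag == "a" else None
            self.out.append(f'<a href="{html.escape(href)}" rel="noopener noreferrer">'
                            if href else f"<{tag}>")
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED and tag != "br":
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data))

def render_feed(xml_text):
    items = []
    for item in ET.fromstring(xml_text).iter("item"):
        parser = FeedSanitizer()
        parser.feed(item.findtext("description", ""))
        parser.close()
        items.append((html.escape(item.findtext("title", "")), "".join(parser.out)))
    return items

# Constructed sample feed: script in the title, hostile markup in the description.
SAMPLE_FEED = """<rss version="2.0"><channel><item><title><![CDATA[News <script>alert(1)</script>]]></title>
<description><![CDATA[<p onmouseover="alert(2)">See <a href="javascript:alert(3)">this</a> and <a href="https://example.com/a">that</a></p><script>alert(4)</script>]]></description>
</item></channel></rss>"""
```

`render_feed(SAMPLE_FEED)` returns one `(title, description)` pair in which the title is inert text and the description keeps only the paragraph, the link text and the single `https` link.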
© Copyright 2007 INFORMATION, INC.


