Beware - Think Before You Subscribe!
Saturday, August 05, 2006
Bob Auger (a security expert at the Web security company SPI Dynamics) found that RSS/Atom feeds can be used to spread malicious JavaScript, and presented the finding at the Black Hat security conference.
This is serious for anyone who uses an RSS/Atom feed reader, whether a desktop program or an online reader. Most RSS readers use Internet Explorer's rendering engine to display feeds, with no restrictions on the content, and that can be exploited easily. Bloglines, RSS Reader, RSS Owl, FeedDemon, and SharpReader are among the programs Auger marked as vulnerable.
He says these feed readers must disable JavaScript and filter it out of the feed content before displaying it.
He also said that attackers can exploit the problem by injecting JavaScript into a blog's feed. That only works if the attacker starts a blog and entices users to subscribe to it. Another way is to post a comment on a popular blog with JavaScript embedded in it, since many popular blogs provide feeds of the comments on their posts.
[via Zdnet Security]
So, how dangerous can this be?
Well, this can be extremely dangerous, because some sites will serve you feeds containing malicious scripts, and those scripts can be used to gain direct access to your computer.
How can I stay safe?
Well, it is not difficult to stay safe. All you need is caution and awareness. Here are some simple steps which I think can help:
* Always subscribe to the feed of the posts and avoid comment feeds.
* Never subscribe to the feed of an unethical website.
* Check the site's review on SiteAdvisor (http://www.siteadvisor.com).
* Search for reviews of the website.
* Feeds from Blogger.com are safe because blog owners don't have control over the feeds, so if a blog is powered by Blogger.com it is safe to subscribe to its feed. (Reviewsaurus is also safe... he he he)
* Another way is to disable JavaScript and set your browser's security level to high.
So these are some of the ways you can keep yourself safe. If you know of any other, don't forget to mention it in the comments.