
RSS Security

Category: General Security
Published: 12/06/2006, 18:58  
Editor: Security Software Zone
 
RSS is growing at lightning speed. Once known only as a "techie tool", RSS is now used more and more by the general population. Along with the good comes the not so good. While some have mentioned the emergence of RSS spam, where content publishers dynamically generate nonsensical feeds stuffed with keywords, the real concern relates to security. Though an annoyance to the search engines, spam in RSS feeds pales in comparison to the possible security concerns that could be in RSS's future.

Security Implications Related to RSS.
As RSS gains momentum, security fears loom large. As publishers quickly find innovative uses for RSS feeds, hackers are taking notice. The power and extensibility of RSS in its simplest form is also its Achilles' heel. The vulnerabilities lie in the expansion capabilities of the RSS specification, specifically the "enclosure" field, which launched the podcasting phenomenon. The enclosure field in itself is not the problem; in fact, the majority of RSS feeds do not even use the enclosure tag. The enclosure tag is essentially used to link to files such as images, Word documents, MP3 files, PowerPoint presentations, and executables, and can be thought of in similar terms to email attachments.

The fact that RSS can be used to distribute these file types has opened a myriad of doors to users of the syndication standard, but has also created cause for concern. Most people do not feel that the risk is significant because people "choose" the content that they receive. While that might make the distribution of malware, viruses and spy applications via RSS less prevalent, there is still the inherent risk of an infected file being distributed.

The problem is one of both technology and lack of education.
The danger lies in the fact that many RSS readers, news aggregators, or podcatchers automatically download the file referenced in the enclosure field regardless of its file type or source.

Most RSS developers acknowledge the risks associated with the enclosure field, but few have had the forethought to include filtering, screening or authentication capabilities and many automatically download enclosures.


Unfortunately, not all RSS readers, aggregators and podcatchers consider the possible security implications associated with RSS feeds and podcasts; some will automatically download enclosures without warning or any thought of security. Be sure to examine how your RSS reader handles files referenced in the enclosure field of an RSS feed.
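
The filtering and screening that the paragraphs above say most readers lack can be sketched as a check a client runs before any automatic download. This is an added example, not code from the original article or from any RSS reader; the policy sets, the function names `check_enclosure` and `screen_feed`, and the host `media.example.com` are assumptions made for illustration.

```python
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Assumed policy for a podcast client; adjust to the feeds you subscribe to.
ALLOWED_TYPES = {"audio/mpeg", "audio/mp4", "image/jpeg", "image/png"}
ALLOWED_EXTS = {".mp3", ".m4a", ".jpg", ".jpeg", ".png"}

# Constructed sample feed: one ordinary episode, one executable labelled as audio, one document.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example cast</title>
<item><title>Episode 1</title>
<enclosure url="https://media.example.com/ep1.mp3" length="1048576" type="audio/mpeg"/></item>
<item><title>Bonus</title>
<enclosure url="https://media.example.com/player-update.exe" length="524288" type="audio/mpeg"/></item>
<item><title>Slides</title>
<enclosure url="http://media.example.com/deck.ppt" length="4096" type="application/vnd.ms-powerpoint"/></item>
</channel></rss>"""

def check_enclosure(url, mime, trusted_hosts):
    """Return the reasons to refuse automatic download (empty list = allowed)."""
    reasons = []
    parts = urlparse(url)
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.hostname not in trusted_hosts:
        reasons.append("untrusted host")
    ext = posixpath.splitext(parts.path)[1].lower()
    if ext not in ALLOWED_EXTS:
        reasons.append("extension " + (ext or "(none)"))
    if mime.lower() not in ALLOWED_TYPES:
        reasons.append("type " + (mime or "(none)"))
    return reasons

def screen_feed(feed_xml, trusted_hosts):
    """Map each enclosure URL to its refusal reasons; nothing is downloaded here."""
    if "<!DOCTYPE" in feed_xml or "<!ENTITY" in feed_xml:
        raise ValueError("feed declares a DTD or entities; refusing to parse")
    root = ET.fromstring(feed_xml)
    verdicts = {}
    for enc in root.iter("enclosure"):
        url = enc.get("url", "")
        verdicts[url] = check_enclosure(url, enc.get("type", ""), trusted_hosts)
    return verdicts

if __name__ == "__main__":
    for url, reasons in screen_feed(SAMPLE_FEED, {"media.example.com"}).items():
        print("ALLOW" if not reasons else "HOLD ", url, reasons)
```

The `type` attribute and the URL extension are both chosen by the publisher, so this screen only decides what is fetched without asking the user; it does not establish that a fetched file is safe.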

With the increased use of RSS and podcasting, the security risks increase too. There is cause for concern; however, proactive users and conscientious developers can easily reduce the risk by taking precautions seriously. Computer viruses and malware are cause for legitimate concern, but there is ample time and there are actions that can avert potential problems.