Aug 5th, 2006, 6:55 pm
More bad news from the Las Vegas Black Hat Convention, this time for the blogging community. Most RSS reader software is vulnerable to malicious JavaScript insertion attacks, and web-based readers are not immune either. With typical JavaScript-based attacks targeting passwords and personal data, it is something that should be taken seriously. Yet when I did a quick pop quiz amongst family and friends, not a single one (those in the IT security business apart) was aware that such software was a potential risk.
The fact that this kind of attack can be easily launched from even a trusted site, by way of blog commenting with rogue code included, makes it all the more dangerous. It is not something restricted to rogue bloggers by any means.
Although it is easy to lay the blame on RSS reader software developers for not building in better security checks from day one, the real problem runs deeper than that. The root of the problem is, it has to be said, not RSS software at all but rather the lack of understanding of IT security at its most basic of levels, and an apparent inability of the average user to realize the very real risk that this lack of understanding poses to their very real personal data.
If you can, disable scripts and applets from launching in-feed.
Combining this with general safe computing practice, including running a firewall and anti-malware scanners, represents the best defense.
This blog entry was written by Davey Winder, staff writer aka happygeek. It has received 998 views, 0 comments, and 0 linkbacks. 2 voters have rated this entry an average of 4.5 out of 5 stars. It was promoted to featured status Aug 5th, 2006.