RSS For Hackers?

by admin August 5, 2006 at 3:31 am
0 Comment

LAS VEGAS — RSS is a great technology for delivering content; it’s also a potentially destructive tool for hackers to use as an attack-delivery system.

In a Black Hat presentation here, SPI Dynamics Security Engineer Robert Auger laid bare the plain facts on RSS and ATOM feed exploitation.

Auger tested both Web-based and local RSS readers and found both types to be ripe platforms for malicious users to exploit with code injection that could steal users’ credentials, cookies, keystrokes and other information.

There are two principal approaches for hackers to take advantage of RSS. The first is that the feed owner is malicious and injects the code into their own feed directly. In Auger’s view that’s not the most popular use case.

Augur suggested that rather than defacing a Web site, a hacker could inject an attack into the feed. In such a scenario, the attacker then “owns” all of the site’s subscribers as well.

It’s the delivery potential of RSS that makes it so potentially harmful. It’s an attack vector that has the potential to affect thousands of people at a time based on the popularity of the compromised feed.

Web-based readers are particularly vulnerable to a variety of attacks including SQL Injection, command execution and denial of service.

Read more: internetnews.com

Related Content
Realme C15 Launching in India on August 18: Everything We Know So Far
Facebook’s CEO to meet PM Modi today
Firefox 4 Beta 1: A Visual Tour
Now, access Facebook on mobile devices for free
more news from the blog
Firefox plans mass marketing drive
Mozilla Pushes Security in Firefox 3.0
Spket IDE 1.6.16
Microsoft’s Mega Batch Of Patches, The Second Largest In 2007
Allusion Alpha 1
Apple admits to faulty laptop batteries
Nero General CleanTool 2.2
Microsoft's standardization move divides experts
Trend Micro Pattern File for Windows 8.345.00
Google Answers the Twitter Threat With Time-Based Search Options
NVIDIA BIOS Editor (NiBiTor) 5.7
FastStone Photo Resizer 2.9
North Korea Behind Attack on South Korea, U.S. Sites?
Ram2Free 1.05
REAPER 4.77
Asymptote 1.94
Yahoo Rolls Out Mobile Apps
Ubiquitous Player 0.999.8
Autorun Eater 2.3
Server Recovery: How It Works?
Visual LightBox JS 1.9
AOL gives IM a spit and polish
Radeon Omega Drivers 4.8.442
Osmose 0.2.1
ScanDefrag 5.7
CleanAfterMe 1.36
SphereXPlorer 1.4.10
SMPlayer 0.6.9.3526
Plain Edit 1.7.5
Pale Moon 3.6.3
Kerio free firewall revival
Is "3X DVD" HD DVD's secret weapon against Blu-ray?
Sun: PCs are outmoded