RSS – Really Suspect Security?

I probably wasn’t the only one who drew a sharp intake of breath when I read this article by Eric Lai in IT World Canada (hat tip to Julia).  The ability to read RSS feeds is a crucial feature in the progressive acceptance, importance and influence of blogs to the general public. 

This was the first serious hurdle to the adoption of RSS that I’ve seen (if you’ve seen others, please leave them in the comments) and one that will really worry a shed load of IT managers and CIOs.

So I was pretty relieved when I read Bloglines’ own retort to the accusation which, I hope, will go some small step to relieving the fears of the above group.

Feed Security and You

The Blogosphere (and the outside world) has been abuzz today with the presentation by SPI Dynamics at the Black Hat security event about a publisher’s ability to insert malicious JavaScript code into RSS or Atom feeds. Bloglines was inaccurately listed as still vulnerable to this attack in most of the press reports.

On July 18th 2006, Bloglines was privately notified by SPI Dynamics of a security vulnerability involving the injection of JavaScript in feeds. Realizing the severity of the exploit, on the same day we pushed a fix out to close this loophole. We’d like to thank SPI Dynamics for both finding this issue and notifying us of the exploit in a reasonable manner allowing us to keep our users secure. – The Bloglines Team

It looks as if the Bloglines team will have their work cut out for them over the next few years as the few try to ruin a new phenomenon for the many.


2 Responses to RSS – Really Suspect Security?

  1. […] “This was the first serious hurdle to the adoption of RSS that I’ve seen (if you’ve seen others, please leave them in the comments) and one that will really worry a shed load of IT managers and CIOs.” […]

  2. Thanks for the hat tip 🙂 I love the skinny jeans reference coupled with tech geekiness.
