Microsoft Responds On RSS Security Concerns in Windows Vista
Posted by Steven Parker on 09 August 2006 - 13:39 · 4 comments & 2905 views
About the Author
Full name: Steven Parker
Forum name: Neobond
Contact: via forum PM
Submissions: Normal · Headline
Full name: Steven Parker
Forum name: Neobond
Contact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
(2 replies)
#1 Posted by MrCobra on 09 Aug 2006 - 14:01
- All these problems and they're seriously going to put this out in a few months. I'll wait until Vista SP1 is out before I migrate over if at all.
-
#1.1 Posted by markjensen on 09 Aug 2006 - 15:20
- My understanding is, from reading the article, that this isn't a "Vista" thing. That it is an RSS implementation thing. If you have XP and get IE7 (with its RSS features) then you would still be at the same risk.
And it isn't limited to Microsoft products, either. RSS is becoming more popular in other apps, such as Opera and Firefox, too.
-
#2 Posted by dangel on 10 Aug 2006 - 08:54
- It's good to see MS taking all elements of security so seriously - a marked difference from the 'more features' ethos of old..
RSS offers some distinct advantages over email. Being an opt-in only method, it eliminates the potential for external spammers to jam up one's feed reader with useless messages, as happens with email inboxes.
Should a feed be compromised, as was discussed at Black Hat in a session on RSS security, the attacker could hit thousand of subscribers with a malicious payload almost instantly.
That presentation also picked on web-based RSS readers, citing their vulnerability to SQL injection, command execution, and DoS attacks. These are scenarios that Microsoft wants to eliminate before they become a reality.
In the Team RSS Blog, Walter vonKoch of Microsoft wrote of how the company has considered potential issues in IE7 and the Windows RSS Platform. They have worked on ways to thwart possible threats from scripts in feeds.