This makes me unhappy. I wonder what is going to be done to plug this little honey pot! I will keep watching.
RSS Feeding Attacks
Hackers are constantly on the lookout for newer methods to perpetrate attacks. Security researchers have to keep one step ahead and ferret out possible avenues that are prone to attacks, and that’s just what Robert Auger is doing.
The SPI Dynamics security engineer has identified Rich Site Summary (RSS) and Atom feed technologies as platforms that can be exploited by hackers to steal keystrokes, cookies and user credentials. By injecting malicious code into the feed, the hacker can succeed in compromising all the site’s subscribers in one stroke.
Depending on the popularity of a particular feed, thousands to millions of people are left open to denial-of-service attacks, command execution and SQL injection. Auger says that local RSS readers can also be used to access file systems, scan the local network, and then be used for relay attacks.
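The reader-side defense against the feed injection described above is to treat every feed field as untrusted input before displaying it. The sketch below is an added example, not code from the article or from SPI Dynamics: it assumes an RSS 2.0 feed parsed with Python's standard library, and the names `FeedSanitizer`, `sanitize_html`, `render_items` and the sample feed are constructed for illustration.

```python
import html
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a", "br", "ul", "ol", "li"}
DROP_WITH_CONTENT = {"script", "style"}  # discard the element and its text

class FeedSanitizer(HTMLParser):
    """Allow-list filter: formatting tags only, no attributes except http(s) href."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:
            href = (dict(attrs).get("href") or "").strip()
            if tag == "a" and href.lower().startswith(("http://", "https://")):
                self.out.append('<a href="%s" rel="noopener noreferrer">' % html.escape(href))
            else:
                self.out.append("<%s>" % tag)  # every other attribute is dropped

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data))  # text is always re-escaped

def sanitize_html(fragment):
    s = FeedSanitizer()
    s.feed(fragment)
    s.close()
    return "".join(s.out)

def render_items(feed_xml):
    """Return (escaped title, sanitized description) for each RSS <item>."""
    return [(html.escape(i.findtext("title") or ""),   # titles are plain text
             sanitize_html(i.findtext("description") or ""))
            for i in ET.fromstring(feed_xml).iter("item")]

# Constructed sample feed: markup smuggled into the title and description.
SAMPLE_FEED = """<rss version="2.0"><channel><title>Example</title><item>
<title>Hello &lt;script&gt;alert(1)&lt;/script&gt;</title>
<description>&lt;p onclick="alert(1)"&gt;News &lt;a href="javascript:alert(1)"&gt;link&lt;/a&gt;&lt;script&gt;alert(1)&lt;/script&gt;&lt;/p&gt;</description></item></channel></rss>"""
```

For feeds fetched from the network, a hardened XML parser and rendering the result in an unprivileged context (not a local-file or privileged browser zone) are the complementary controls.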