Network Security Journal: RSS Feeding Attacks

This makes me unhappy. I wonder what is going to be done to plug this little honey pot! I will keep watching. 

RSS Feeding Attacks

Hackers are constantly on the lookout for newer methods to perpetrate attacks. Security researchers have to keep one step ahead and ferret out possible avenues that are prone to attacks, and that’s just what Robert Auger is doing.

The SPI Dynamics security engineer has identified Rich Site Summary (RSS) and ATOM feed technologies as platforms that can be exploited by hackers to steal keystrokes, cookies and user credentials. By injecting malicious code into the feed, the hacker can succeed in compromising all the site’s subscribers in one stroke.

Based on the popularity of a particular feed, thousands to millions of people are left open to denial of service attacks, command executions and SQL injections. Auger says that local RSS readers can also be used to access file systems, scan the local network, and then be used for relay attacks.

Source: Network Security Journal: RSS Feeding Attacks
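On the reader side, the defence against the feed injection described above is to treat every item field as untrusted input. The following is an added example, not code from this post or from the quoted article: a minimal allowlist sanitizer for RSS item titles and descriptions. The function names, the allowlist policy and the sample feed are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed policy for this example: small tag allowlist, http(s) links only.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a", "ul", "ol", "li", "br"}
DROP_CONTENT = {"script", "style", "iframe", "object"}  # their content is discarded too

class FeedSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:
            href = (dict(attrs).get("href") or "").strip() if tag == "a" else ""
            if urlparse(href).scheme.lower() in ("http", "https"):
                self.out.append(f'<a href="{escape(href)}" rel="noopener noreferrer">')
            else:
                self.out.append(f"<{tag}>")  # all other attributes (onclick, style, ...) are dropped

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # text is re-escaped, never passed through raw

def sanitize_html(fragment):
    parser = FeedSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)

def render_items(feed_xml):
    # Returns (escaped title, sanitized description) for each RSS item.
    root = ET.fromstring(feed_xml)
    return [(escape(item.findtext("title", "")), sanitize_html(item.findtext("description", "")))
            for item in root.iter("item")]

# Constructed sample: one item with a script tag, an event handler and a javascript: link.
SAMPLE_FEED = """<rss version="2.0"><channel><item><title>Update &lt;script&gt;x()&lt;/script&gt;</title>
<description>&lt;p onclick="x()"&gt;Hello&lt;/p&gt;&lt;script&gt;x()&lt;/script&gt;&lt;a href="javascript:x()"&gt;more&lt;/a&gt;</description>
</item></channel></rss>"""
```

A production reader would also parse the XML itself with a hardened parser (for example the defusedxml package) and render items in a context with no access to local files or credentials.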
