|
|
|
RSS related security implications If RSS increases, the security gets more endangered. While the publishers are fast in innovating new uses for RSS feeds, the hackers are watching it all. Even in its raw form, the extendibility and the power of RSS can make it very vulnerable. The very abode of these vulnerabilities is the expansion abilities of the specification of RSS, mainly the enclosure field which is the launcher of podcasting phenomenon. Basically, this enclosure field is not a headache, since the enclosure tag is not used by RSS feeds. The tag is generally used in linking file types such as word documents, mp3 files, images, and executables and in the same terms in email attachments. RSS Distributing these file types has helped the immensely the syndicate standard users but long with that it has also created problems. But we dont take these problems as risks since we select the content received which limits spreading of viruses, spyware through RSS; still we run at a risk if an infected file is spread. This risk is the effect of technology and our poor education. Several RSS readers, pod catchers, news aggregators automatically download the information from the enclosure field even if they dont know their sources or file types. This ignorance often calls for dangerous insecurities for our computers. Generally speaking almost all the RSS developers admit the risks that are attached with the enclosure field but a very few developers dont care to equip the RSS feeds with screening, filtering and authentication abilities and a myriad of automatically download enclosures. It is very unfortunate that every RSS readers or aggregators or pod catchers ponder over the probable security implications related with RSS feeds or podcasts. Usually some work automatically downloading enclosures sans any warning or any concerns about the security. So ensure to introspect the handling of files by your RSS reader. |
加入最爱