What Are The Security Implications of RSS?
RSS is growth is moving faster than the speed of light. Okay perhaps a slight exaggeration, but by all accounts RSS is growing at a phenomenal rate which brings us to the question about what the security implications of RSS are.
Most of us have heard or read about RSS on our internet travels, but for those of you that aren’t real techie you might be wondering what exactly RSS is.
RSS is a family of XML format that is used to syndicate news, major news sites, article sites, and even web blogs. Originally it was all about the news but these days it’s more about anything that can be broken down into individual items. If it can be broken down it can be send through an RSS feed.
It wasn’t that long ago that only techie types were using this slick tool. Now just about everyone is using RSS feeds. And that’s led to some not so good issues like RSS spam which is quickly becoming a major annoyance but the real problems relate to RSS security.
As RSS grows and more and more people utilize it, the fear of security issues loom in the horizon. The security issues tie the simplicity of the RSS feed and the skill of the hackers. It’s just a matter of time before hackers
The vulnerabilities aren’t with the original RSS feeds but rather with the new enclosure field. Technically the field itself isn’t the problem because most feeds don’t even use the tag. The enclosure tag is used to link pictures, documents, mp3 files, or any executable file.
Because RSS feeds now have the ability to attach these types of files the door is now open for malicious hackers to spread viruses, spyware, or malware.
The problem is two fold. RSS readers automatically download the content regardless of the file type or the source of that file. Almost all RSS developers acknowledge that there is an associated risk with these open door but to date few have taken the initiative to close the door before all hell breaks loose.
The second part of the problem is the users themselves who don’t fill there is a big concern because they choose the content they want delivered to their computer. Thus they perceive the problem as not of major concern and do nothing to protect their computer.
There are a few companies that I tip my hat to because they have had the foresight to tackle the problem now before it actually turns into a nightmare.
Bradsoft Newsgator has been proactive with their design FeedDemon which is security orientated. It has a built in safe list which it monitors as well as an attached warning related to certain file types.
ByteScout has also been proactive although with a somewhat different approach. ByteScout does not download anything without the user okaying the download. Although this does not do much to stop the infiltration of malicious files it does make the receiver more aware and leaves them to make the final decision.
Hopefully more RSS developers will jump on the bandwagon shortly thus avoiding any potential problems before they occur. As it stands now the security implications of RSS are rather scary.
Deon Melchior is the Editor and Publisher of Article Click. For more FREE articles for your ezine and websites visit ArticleClick.com. Article Click is a free content article directory. This means that as a publisher you may reprint the articles that are included in our site, as long as the article is unedited and the author box is included with it's live hyperlinks.