Actually a lot of popular blog sites, blogging services and feeds readers don’t add security checks to disable malicious JavaScript code, opening the door to any kind of security risks and problems.
Bob Auger, a security engineer from SPI Dynamics a Web security company in a presentation at the Black Hat security event at Las Vegas said:
“Reading blogs via popular RSS or Atom feeds may expose computer users to hacker attacks, a security expert warns”, “Attackers could insert malicious JavaScript in content that is transferred to subscribers of data feeds that use the popular RSS” , “they would add malicious JavaScript to the comments on a trusted blog, Auger said. “A lot of blogs will take user comments and stick them into their own RSS feeds”
If the developers of popular applications like Bloglines, RSS Reader, RSS Owl, Feed Demon, and Sharp Reader don’t fix their creations soon, the next “Mamba Negra” RSS hacking exploit can be waiting in the next corner…
Source: http://news.com.com/2100-1002_3-6102171.html
If you liked my post, feel free to subscribe to my rss feeds
