Categories
- Arts & Entertainment
- Business
- Communications
- Computers
- Culture & Society
- Disease & Illness
- Fashion
- Finance
- Food & Beverage
- Health & Fitness
- Hobbies
- Home & Family
- Home Based Business
- Internet Business
- Adsense
- Affiliate Programs
- Affiliate Revenue
- Auctions
- Audio Streaming
- Autoresponders
- Banner Advertising
- Blogging
- Click Bank
- Directories
- Domain Names
- Ecommerce
- Email Marketing
- Ezine Publishing
- Forums
- Internet Marketing
- Link Popularity
- List Building
- Podcasting
- PPC Advertising
- RSS
- Security
- SEO
- Site Promotion
- Spam Blocker
- Technologies
- Traffic Building
- Tutorials
- Video
- Video Streaming
- Viral Marketing
- Web Design
- Web Development
- Web Hosting
- Webmasters
- Legal
- Pets & Animals
- Politics
- Product Reviews
- Recreation & Sports
- Reference & Education
- Religion
- Self Improvement
- Shopping
- Travel & Leisure
- Vehicles
- Writing & Speaking
Information
Security and RSS Feeds
Submitted: 2007-01-17 13:42:49
Print this article | Tell a friend | For publisher |
RSS is growing at a lightening speed. What was once only known as a "techie tool", RSS is becoming a tool that is continuously being used by the general population. Along with the good comes, the not so good. And while some have mentioned the emergence of RSS spam, where content publishers dynamically generate nonsensical feeds stuffed with keywords, the real concern relates to security. While an annoyance to the search engines, spam in RSS feeds pales in comparison to the possible security concerns that could be in RSS' future.
Security Implications Related to RSS.
As RSS gains momentum security fears loom large. As publishers are quickly finding innovative uses for RSS feeds, hackers are taking notice. The power and extendibility of RSS in its simplest form is also its achilles heel. The expansion capabilities of the RSS specification, specifically the "enclosure" field which has launched the podcasting phenomenon, is where the vulnerabilities lie. The enclosure field in itself is not the problem, in fact the majority of RSS feeds do not even use the enclosure tag. The enclosure tag is essentially used to link to file types, things like images, word documents, mp3 files, power point presentations, and executables and can be thought of in similar terms to email attachments.
The fact that RSS can be used to distribute these file types has opened a myriad of doors to users of the syndication standard, but also has created cause for concern. Most people do not feel that the risk is significant because people "choose" the content that they receive, and while it might make the distribution of malware, viruses and spy applications via RSS less prevalent, their is still the inherent risk of a infected file being distributed.
The problem is one of both technology and lack of education.
The danger lies in the fact that many RSS readers, news aggregators, or pod-catchers automatically download the information contained in the enclosure field regardless of its file type or source.
Most RSS developers acknowledge the risks associated with the enclosure field, but few have had the forethought to include filtering, screening or authentication capabilities and many automatically download enclosures.
Nick Bradbury of Bradsoft/NewsGator seems to be proactive, designing FeedDemon with security in mind. FeedDemon uses an editable safelist of file types as well as allowing users to monitor what files are automatically downloaded. FeedDemon also contains hard-coded warnings related to specific file types.
Developers of ByteScout took a different approach to the handling of enclosure files, ByteScout does not automatically download anything without user intervention for each download.
Unfortunately, not all RSS readers, aggregators and podcatchers consider the possible security implications associated with RSS feeds and podcasts, some will automatically download enclosures without warning or any thoughts of security. Be sure to examine how your RSS reader handles files contained in the enclosure field of an RSS feed.
With the increased use of RSS and podcasting, the security risks increase with it. Their is cause for concern, however proactive users and conscientious developers can easily subvert the risk by taking precautions seriously. Computer viruses and malware are cause for legitimate concern, there is ample time and action that can avert potential problems.
About The Author
Sharon Housley manages marketing for FeedForAll http://www.feedforall.com software for creating, editing, publishing RSS feeds and podcasts. In addition Sharon manages marketing for FeedForDev http://www.feedfordev.com an RSS component for developers.
Article source: Expert Articles
Most Recent Articles in RSS category
- If Current Online Trends Confuse You Then Here is a Quick Guide to Rss, Blogs and How to Start Up - By: Braeg Heneffe
Confused about the latest online jargon like Blogging and RSS feeds? Most of us are, as we are not all computer geeks who fall into the latest trends as easily as sipping that first coffee of the day. What are we missing, and do we really need all these new updates? - RSS Is Best Options To Make More Money and Get Traffics - By: Dr. Anuj Gupta
You have heard the term RSS, but do not know exactly what it was and how to use it. Now you will learn how to use this technology to your sites "fresh". RSS stands for Really Simple Syndication or Rich Site. - The Power of RSS in the Online Publishing World - By: Ben Recknagel
The introduction of RSS (Really Simple Syndication) to the web has introduced a new way for end users to receive information through selected web pages of their choice. - How Non-technical Webmasters Are Harnessing the Power of RSS... - By: Diya Sood
The opportunity to quickly and easily implement and harness the power of RSS is quite real and new programs become available every week that allow non-technical marketers and webmasters to capitalize on the effective use of RSS. - What Are RSS Feeds - By: S. Housley
RSS Feeds.RSS also known as rich site summary or real simply syndication, arrived on the scene a number of years ago, but was only recently embraced by webmasters as a means to effectively syndicate content. RSS Feeds provide webmasters and content providers an avenue to provide concise summaries to prospective readers. - RSS is a Life Raft, Saving Us from a Sea of Useless Information - By: Jesse S. Somer
One of the main problems with the Internet these days is the fact that there is so much information out there; it can be quite hard to find the particular knowledge that you’re looking for. It can often feel like you’re surfing waves of thick chocolate fudge sauce and your honeycomb board has a crack that’s getting wider by the second. Over stimulus is the issue here; you wanted to read opinions from music enthusiasts about music, and every second blog article had to do with new punk hairdo trends and which band has the coolest tattoos. - What Is This RSS, XML, RDF, and Atom Business? - By: Meryl K. Evans
It's been a long day at work and you're in no mood to cook dinner or go out. Time to count on the reliable pizza delivery guy. The order is called in and he promptly arrives with smokin' hot pizza within 30 minutes as promised. - RSS & How to Use It -- Part 2 - By: David Congreave
Welcome to part 2 of the article that aims to give you just enough information to help you understand RSS and start using it. Part 1 gave you simple instructions on how to read and subscribe to an RSS site feed, part 2 will give you simple instructions on how to publish your own. Firstly, which websites can benefit from a site feed? - RSS & How to Use It (part 1) - By: David Congreave
Have you ever read an article, intended to explain RSS in simple terms that, begins well, but soon descends into confusing jargon or information overload? If so, take heart, I was in the same place a few months ago. Often the best way to understand something, is to use it. - Feed The Need: 5 Ways To Use RSS To Boost Your Business Or Organizational Success - By: Soni Pitts
RSS (it stands for Really Simple Syndication, among other things) is a relatively new technology that allows anyone who creates frequently changing web content - news, blogs, current events, etc. - to deliver their messages to interested readers with no fuss, no muss and best of all - no spam! Currently, RSS is being used by content-rich sites (mainly blogs and news centers) to keep readers up-to-date on newly published posts or breaking stories.