Posted by Sebastian Gottschalk on August 28, 2006, 6:33 am
rvincoletto@gmail.com wrote:
> By Renata Vincoletto
>
> Do you like to read a blog? Every day, before starting work, do you
> read your favorite one? What do you use to be updated? RSS? Atom?
>
> If yes, your computer could catch a virtual cold, says SPI Dynamics CTO
> (http://www.techworld.com/Security/features/index.cfm?FeatureID=2745&email).
>
> Software and services used to download feeds transmitted via the RSS or
> Atom formats can download and execute JavaScript code buried within the
> text.
>
> And you are not safe, even if you use trustable services like
> Bloglines, or readers like Firefox, because a web feed could contain a
> link to another Web site or blog that's hosting malicious JavaScript.
> Or maybe a blog might have an area allowing readers to post public
> comments. Those can also store malicious bits of JavaScript.
What exactly is "malicious" JavaScript?
> The best way to guard against these sorts of attacks would be for
> blog-reading software and services to re-encode all JavaScript it
> receives to render it harmless. Creating this filter would not cause
> feeds to arrive much slower. But as far as we know, no blog-reading
> software or service re-encodes the JavaScript codes.
Who cares? Not every RSS reader actually displays content in such a fashion
that JavaScript is executed at all. Just take the extension Sage for
Mozilla/Firefox - it renders to a text list field.
> My comment: Take care! Don't forget to use a good anti-virus, firewall
> and anti-spyware!
Oh, even more bullshit.
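
A sketch of the re-encoding idea from the quoted article: escape all feed-supplied text before it reaches an HTML view, and keep only http(s) links. This is an added example, not code from the thread or from any feed reader; the sample feed and the names `safe_link` and `render_items` are constructed for illustration.

```python
import html
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample feed (not from the thread): the first item carries
# script markup in its title/description and a javascript: link.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example feed</title>
<item>
  <title>Hello &lt;script&gt;alert(1)&lt;/script&gt;</title>
  <link>javascript:alert(1)</link>
  <description>&lt;img src=x onerror="alert(1)"&gt; body text</description>
</item>
<item>
  <title>Plain entry</title>
  <link>https://example.org/post/2</link>
  <description>Nothing unusual here.</description>
</item>
</channel></rss>"""

ALLOWED_SCHEMES = {"http", "https"}


def safe_link(url):
    """Return the URL only if its scheme is http(s); otherwise None."""
    url = (url or "").strip()
    return url if urlsplit(url).scheme.lower() in ALLOWED_SCHEMES else None


def render_items(feed_xml):
    """Turn each <item> into an HTML fragment with all feed text escaped."""
    out = []
    for item in ET.fromstring(feed_xml).iter("item"):
        # After XML parsing the fields hold raw markup; escape it so the
        # viewer shows it as text instead of interpreting it.
        title = html.escape(item.findtext("title", default=""))
        body = html.escape(item.findtext("description", default=""))
        link = safe_link(item.findtext("link"))
        if link:
            title = '<a href="%s">%s</a>' % (html.escape(link, quote=True), title)
        out.append("<h3>%s</h3><p>%s</p>" % (title, body))
    return out
```

The first item comes out as visible text with no link, while the second keeps its https link.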