Possible RSS Abuse in Longhorn
dMill writes "There has been a lot of discussion about Microsoft's decision to bake RSS into Longhorn (see previous Slashdot coverage) but the obvious security implications seem to be on the back burner. eWeek has a story discussing the risks and Don Park is also warning about the potential for abuse and exploitation. For example, the primary mechanism behind podcast, RSS enclosure, can be used to deliver worms and worse to the desktops. If there are any vulnerabilities in iPod (or any MP3 player hooked up to podcast sync client) codec, then podcasting is a good way to deliver overflow inducing content."
Worse than worms?!? Worms can get into your system, slave it, erase or steal data, slow it down, advertise to you, and any number of other things! What's worse than lost data, identity theft, popups, and a slow computer? Strangulation via TCP/IP?
~Will
sig?
I guess OS X must be REALLY insecure then.
There is a big difference between RSS being a security risk and a bad implementation of an RSS reader and poor security model being insecure.
When are we going to stop acting like each new protocol or application vulnerability is a new thing? Until NX (No Execute) and good input sanitization are ubiquitous, these things will continue to plague the networked world.
Always value the individual over the system. --Bruce Lee "I don't need a Sig - I have a custom 191" - me
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
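An added example, not part of the story or of any comment above and not code from any real RSS client: a sketch of the check a podcast sync client could run on RSS `<enclosure>` metadata before fetching anything, the delivery path the summary worries about. The allowlist, size cap, function names and sample feed are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Assumed client policy (illustrative values, not taken from any real reader).
ALLOWED_TYPES = {"audio/mpeg": (".mp3",), "audio/mp4": (".m4a", ".mp4")}
MAX_BYTES = 200 * 1024 * 1024

# Constructed sample feed: one acceptable enclosure and four that break policy.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Constructed feed</title>
<item><title>ok</title>
<enclosure url="https://feeds.example/ep1.mp3" length="1048576" type="audio/mpeg"/></item>
<item><title>exe</title>
<enclosure url="https://feeds.example/setup.exe" length="4096" type="application/octet-stream"/></item>
<item><title>mismatch</title>
<enclosure url="https://feeds.example/ep2.scr" length="4096" type="audio/mpeg"/></item>
<item><title>scheme</title>
<enclosure url="file:///tmp/ep.mp3" length="10" type="audio/mpeg"/></item>
<item><title>huge</title>
<enclosure url="https://feeds.example/ep3.mp3" length="999999999999" type="audio/mpeg"/></item>
</channel></rss>"""

def check_enclosure(url, mime, length):
    """Return policy violations for one <enclosure>; an empty list means it may be fetched."""
    problems = []
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        problems.append("scheme")      # no local files or exotic URL handlers
    exts = ALLOWED_TYPES.get((mime or "").strip().lower())
    if exts is None:
        problems.append("type")        # declared MIME type not on the allowlist
    elif not parsed.path.lower().endswith(exts):
        problems.append("extension")   # declared type and file name disagree
    if not (length or "").isdecimal() or int(length) > MAX_BYTES:
        problems.append("length")      # missing, malformed or oversized
    return problems

def triage_feed(xml_text):
    """Map each item title to the violations found on its enclosure."""
    verdicts = {}
    for item in ET.fromstring(xml_text).iter("item"):
        title = item.findtext("title", default="")
        for enc in item.findall("enclosure"):
            verdicts[title] = check_enclosure(
                enc.get("url", ""), enc.get("type"), enc.get("length"))
    return verdicts

if __name__ == "__main__":
    for title, problems in triage_feed(SAMPLE_FEED).items():
        print(title, "->", problems or "fetch")
```

Everything checked here is declared by the feed itself, so this only filters what gets requested; the size cap and content type still have to be enforced on the actual download, and the decoder that opens the file remains the component that must survive malformed input.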