Slashdot Mirror


RSS and Web Feeds a Risk?

A follow-up whitepaper [PDF] to a recent talk at the Black Hat security conference has been released outlining the risks associated with web-based feeds such as RSS and Atom. From the article: "Attackers could exploit the problem by setting up a malicious blog and enticing a user to subscribe to the RSS feed. More likely, however, they would add malicious JavaScript to the comments on a trusted blog, Auger said. "A lot of blogs will take user comments and stick them into their own RSS feeds," he said."
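The scenario the summary describes, as an added example that is not code from the article, the talk or Slashdot: a constructed RSS feed that republishes blog comments, one of which carries a script block, an event-handler attribute and disguised javascript: links, fed through a minimal allowlist sanitizer of the kind a feed reader or aggregator should apply before rendering item content. The feed, the hostnames blog.example and example.org, the tag and attribute allowlist and the payloads are all assumptions for illustration.

```python
"""Allowlist HTML sanitizer for RSS item content (standard library only).
Added example for this page, not code from the article or the talk: a feed
reader must treat <description> as untrusted HTML from the blog and its commenters."""
import xml.etree.ElementTree as ET
from html import escape
from html.parser import HTMLParser

# Tags a reader can safely render; anything else is dropped, keeping its text.
# <script>, <iframe>, <object>, <embed>, <img> are deliberately absent.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "a", "ul", "ol", "li",
                "blockquote", "code", "pre"}
ALLOWED_ATTRS = {"a": {"href", "title"}}   # no on* handlers, no style
SAFE_URL_SCHEMES = ("http://", "https://", "mailto:")
VOID_TAGS = {"br"}
DROP_CONTENT_TAGS = {"script", "style"}    # the tag AND its contents vanish


def _safe_url(value):
    # Browsers ignore leading/trailing whitespace and embedded tab/CR/LF in a
    # URL, so "  JAVA\tSCRIPT:" is still javascript:. Strip the same characters
    # before checking the scheme. Relative URLs are rejected as well.
    normalised = "".join(c for c in value if not c.isspace() and ord(c) >= 0x20)
    return normalised.lower().startswith(SAFE_URL_SCHEMES)


class FeedSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []
        self._drop_depth = 0        # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self._drop_depth += 1
            return
        if self._drop_depth or tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:   # HTMLParser lower-cases names, unescapes values
            if value is None or name not in ALLOWED_ATTRS.get(tag, ()):
                continue
            if name == "href" and not _safe_url(value):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            self._drop_depth = max(0, self._drop_depth - 1)
            return
        if self._drop_depth or tag not in self.open_tags:
            return
        while self.open_tags:           # close down to the matching tag so the
            top = self.open_tags.pop()  # output stays properly nested
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        if not self._drop_depth:
            self.out.append(escape(data, quote=False))  # re-escape decoded text

    def result(self):
        self.close()
        while self.open_tags:           # close whatever the input left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_html(fragment):
    s = FeedSanitizer()
    s.feed(fragment)
    return s.result()


def sanitize_rss(xml_text):
    """Items with sanitized descriptions. Title/link are plain text: escape them
    when rendering. For untrusted feeds in production, parse with defusedxml."""
    root = ET.fromstring(xml_text)
    return [{"title": item.findtext("title", ""),
             "link": item.findtext("link", ""),
             "description": sanitize_html(item.findtext("description", ""))}
            for item in root.iter("item")]


# Constructed sample: a feed that republishes comments, one of them hostile.
# blog.example and example.org are placeholders, not real sites.
SAMPLE_FEED = """<rss version="2.0"><channel>
<title>Constructed sample feed</title>
<item><title>A normal post</title><link>https://blog.example/post/1</link>
<description><![CDATA[<p>Hello &amp; welcome</p>]]></description></item>
<item><title>Recent comments</title><link>https://blog.example/post/1#comments</link>
<description><![CDATA[<p>Nice post!</p><script>alert(document.cookie)</script><img src="x" onerror="alert(1)"><a href="javascript:alert(1)">click</a><a href="  JAVA&#x09;SCRIPT:alert(1)">here</a><a href="https://example.org/" onclick="alert(1)">ok</a>]]></description></item>
</channel></rss>"""

if __name__ == "__main__":
    for item in sanitize_rss(SAMPLE_FEED):
        print(item["title"], "->", item["description"])
```

The allowlist is the point: a filter that only strips <script> misses the onerror= handler and the javascript: links, so the sanitizer keeps nothing it has not explicitly named and checks URL schemes only after removing the whitespace browsers ignore. The same filter belongs on the blog side before comments are published at all, and the reader still needs it, because the reader cannot know which feeds do that.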

5 of 94 comments

  1. Huh? by Umbral Blot · Score: 5, Insightful

    Seems more like a problem with allowing JavaScript in comments (a really dumb idea) than a problem with RSS.

  2. Old technique, new medium by fosterNutrition · Score: 5, Insightful

    Not to be the jerk here, but it really shouldn't be that big of a news story that some people discussed the idea that it might not be the best security practice to allow unvalidated user input.

    Nobody would think of performing no kind of checking on things submitted into a plain old text box, so why would it be safe just because it's now in the "synergetic web 2.0 blogosphere of community-driven empowerment through technology"?

    Oh well, still a moderately interesting article...

  3. So.. by Tracer_Bullet82 · Score: 5, Insightful

    If I trust someone and let them have free access to my house, there's a chance one day they'll swipe everything from it and load it into a truck..

    just because something is some kind of "new" technology does not mean it is any different..

    Use common sense and intelligence.

    --

    Cradle it high, high,
    the machete is already sharpened;
    since you are bathing anyway,
    might as well get soaked.

    1. Re:So.. by truthsearch · Score: 5, Funny

      That's a bad analogy. The internet's more like a series of tubes than a truck... oh, um, forget it.

  4. Heh by Andrew Kismet · Score: 5, Funny

    Isn't it amusing I found this article by using /.'s own RSS fee!"$%&() ****NO CARRIER****