Blog readers are vulnerable to malicious codes
am 28.08.2006 10:53:46 von rvincolettoBy Renata Vincoletto
Do you like to read a blog? Every day, before start to work, do you
read your favorite one? What do you use to be updated? RSS? Atom?
If yes, your computer could catch a virtual cold, says SPI Dynamics CTO
(http://www.techworld.com/Security/features/index.cfm?Featur eID=2745&email)
..
Software and services used to download feeds transmitted via the RSS or
Atom formats can download and execute JavaScript code buried within the
text.
And you are not safe, even if you use trustable services like
Bloglines, or readers like Firefox, because web feed could contain a
link to another Web site or blog that's hosting malicious JavaScript.
Or maybe a blog might have an area allowing readers to post public
comments. Those can also store malicious bits of JavaScript.
The best way to guard against these sorts of attacks would be for
blog-reading software and services to re-encode all JavaScript it
receives to render it harmless. Creating this filter would not cause
feeds to arrive much slower. But until as we know, no blog-reading
software or service re-encodes the JavaScript codes.
My comment: Take care! Don't forget to use a good anti-virus, firewall
and anti-spyware!
Read more: http://rvincoletto.multiply.com/journal/item/185