How can attackers exploit RSS software flaws?
RSS syndication feeds are a convenient way to get your news, blogs or other favorite content, but these popular tools are often left exposed. In this SearchSecurity.com Q&A, Ed Skoudis explains how malicious hackers can attack RSS software and distribute malicious code.
So, what are the security risks?
Continue Reading This Article
Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
They fall into two categories: attacks against RSS software itself, and attacks that use RSS to distribute malicious code to browsers and mail readers.
The software in RSS readers parses the XML, and it is conceivable that the software can have a buffer overflow, format string, or other vulnerability that an attacker could exploit. If that is indeed the case, the RSS reader can be exposed to such attacks whenever it updates itself; no human interaction is even necessary. While there isn't a history of specific flaws in RSS readers, it's certainly something to keep an eye on, given all of the client-side vulnerabilities in other software we've seen recently.
Attackers could also embed malicious scripts in RSS feeds, hoping someone will use a browser to read the feed and then run the malicious script inside the browser. There is indeed a history of this kind of attack. About a year ago, Yahoo's in-line RSS reader was discovered to have a cross-site scripting flaw.
An attacker could create an RSS feed that includes a cookie-stealing browser script and push the feed to someone who uses the Yahoo Web site to read RSS updates. An attacker could then steal all of their Yahoo-related cookies.
What's the best defense against these kinds of attacks? First off, make sure you keep your client-side applications patched; that includes browsers and RSS readers. Next, deploy an antivirus and antispyware tool to try to foil malware that might get loaded. And, finally, keep your RSS feeds pared down to those for which you have a defined business purpose. Don't subscribe to hundreds of useless feeds; focus on those that you really need.
Dig Deeper on Threats and vulnerabilities
Related Q&A from Ed Skoudis
How to combat the top 5 enterprise social media risks in business
Learn how social networking sites compound the insider threat risk, and explore how to mitigate the threat with policy, training and technology. Continue Reading
What software development practices prevent input validation attacks?
Improper input validation leads to numerous kinds of attacks, including cross-site scripting, SQL injection and command injection. In this expert Q&A... Continue Reading
Does Teredo present security risks to the enterprise?
Teredo allows internal networks to transition to IPv6, interconnecting them through their NAT devices and across the IPv4 Internet. Ed Skoudis ... Continue Reading