Secure Coding mailing list archives
RSS security issues and useful reading
From: "Kenneth R. van Wyk" <Ken () KRvW com>
Date: Wed, 11 Feb 2004 16:43:05 +0000
Hi all,

Over the last couple weeks, I've been reading up on RSS* in my spare time, having only recently been introduced to this neat mechanism--thanks, Dana!. (FYI, we even put up an RSS feed of updates/announcements on securecoding.org in order to dive directly into it.)

One of my concerns, naturally, has been security, especially since stand-alone RSS aggregators are _relatively_ new, and I couldn't recall having seen many vulnerability advisories on them. After just a bit of googling, I found several real good sources of information, which I'm including here for anyone that's interested. Most of these have been available for a while, but I thought that they were pretty interesting reads anyway. YMMV...

- http://silverstr.ufies.org/blog/archives/000480.html - Dana Epp's blog entry, complete with a Powerpoint presentation that provides a very useful overview of RSS and its benefits. It certainly piqued my interest to explore further.

- http://www.2rss.com/ - Solid and worthwhile information on the technology and how it works, along with pointers to news feeds, aggregation tools, etc.

- http://diveintomark.org/archives/2003/06/12/how_to_consume_rss_safely - Excellent article by Mark Pilgrim on the security issues of RSS and how to safely code an RSS aggregator. A must-read if you're writing an aggregator, as well as a highly recommended read if you're just interested in the technology.

- http://bitworking.org/news/47 - Information on the security of the Aggie RC5 aggregator, but also contains links to more general RSS security issues as well as a link to a test XML file for testing aggregators for common flaws.

- http://www.fibiger.org/archives/2003_02.html#000509 - Interesting horror story about one person's experience with an RSS aggregator (Newsgator) within Outlook.

* RSS stands for "RDF Site Summary" or "Rich Site Summary" or "Really Simple Syndication," depending on whom you ask. If you're not familiar with it, check it out. If you spend time reading through various web sites for news, technical info, and other info, then you REALLY should check it out. RSS can be a tremendous time saver.

Cheers,

Ken

--
KRvW Associates, LLC
http://www.KRvW.com