Some Links of interest:
Sam Freedom's Internet Marketing Controversy Blog

Custom Logo Design at no cost!



Join my Notify List and get email when I update my site:
Powered by

Wednesday, January 17, 2007

RSS technology, serious security time bomb that could blow any second?

What do you think about the security issues with RSS? If you think about it, it's a malicious code writter's ideal vehicle. You put the malicious code on one website and instantly it gets displayed on all the users that are subsribed to the RSS feed through their RSS readers and also all the websites using the feed as syndicated content.
So in reality the security each subscriber/website is only as strong as security of the publisher of the RSS feed. It's a scary thought. Even if it's not malicious code, what if someone suddenly goes nuts and decides to suddenly display anti-semitism remarks in the RSS feed and thousand of websites with serious reputations display this feed... it could have instant desastrous impacts on alot of businesses.
In my years of doing business online, I've found that automation can be a great friend to any business but I've also found that (although programmers would disagree with me), on a practical perspective, automation has to have its limits. Theoricaly, there is no real limititation to automation but in reality, there has to be. RSS feed essense is it's automation, it delivers aumaticaly updated content to whoever wants it.
I think in 2007, there should be serious improvements to RSS delivering methods. Here are few thing I could see happening: first on automation there needs to be some type of filters added that checks for malicious code in the feed before it's delivered to recipients, right now it's instantaneous. Second there should be an option for the ability to get a human to review the content before it's posted to their website (if this is what the rss feed is used for), that way large organizations that have something to lose can appoint an employee to keep an eye on the content their rss feeds are displaying.
Well that's it, just me thinking out loud on my blog. I find RSS an amazing technology but that we're bound to see hackers and malicious users take advantage of in the near future.


Anonymous Alden said...

I suspect the simplest way would be to simply strip out javascript and embedded scripts. Livejournal already does this when it imports RSS feeds for people to read.

12:22 AM  

Post a Comment

<< Home