RSS can be used as an attack tool

Security experts warn that RSS feeds can be exploited to attack unprotected PC systems.

The above information was published by SPI Dynamics security expert Robert Auger at this year's Black Hat Conference. Auger emphasized that this is a problem that is really dangerous to the flow of RSS information. Hackers just need to add some malicious JavaScript code and the RSS Feeds are already able to attack users.

SPI Dynamics claims that every application reading RSS Feed - whether it is a software application on the computer or an online application on the web - can be attacked by the above method. Through such attacks, an attacker can steal sensitive information such as passwords or personal data of users.

More dangerous is that such attacks can originate from trusted sites. Some Blog sites now allow users to submit comments directly attached to RSS feeds. This is exactly how hackers can take advantage of adding JavaScript code into RSS feeds.

Or hackers can open a blog site of their own and spread dangerous RSS streams. This is how expert Auger believes it will be the most popular attack by hackers.

For web-based RSS applications, Bloglines is considered the most vulnerable application. Meanwhile, the RSS Reader, RSS Owl, Feed Demon, and Sharp Reader are RSS software that is easy to face with the most attacks.

To protect the system, expert Auger recommends that users disable the feature that allows running scripts, applets, and plug-ins in the RSS application.

Hoang Dung