How are we going to fix this one? Just keep turing off java, flash and every other cool web service that makes the net great?
Blog Feeds Provide New Security Threat
By Steve Javors
LAS VEGAS â€” Exploiting the vulnerability of blog feeds, hackers have found a new medium to surreptitiously attack PCs.
Auger said blog feeds can be compromised in two ways: hackers setting up a corrupted blog and getting users to subscribe to its RSS feed, or more likely, inserting malicious code into a popular blogâ€™s comments section, which often have their own feed.
Attackers also can send malicious code to mailing lists that offer feeds to attack compromised systems, Auger said. Feeds have risen to prominence because they allow users to consolidate information from websites into a single interface. This eliminates the need for clicking on a plethora of different websites.
â€œA large percentage of the readers I tested had some kind of an issue,â€ Auger said. Vulnerable feed readers include Bloglines, RSS Reader, RSS Owl, Feed Demon and Sharp Reader, according to Auger.