Comments on: RSS “security”

By: Nick Harris

Nick Harris — Fri, 22 Feb 2008 16:41:51 +0000

@Shaun -

Security on the subscriber side is also dependent on what program you’re using to consume RSS. The risks are similar to those of a browser, but with programs like FeedDemon, Inbox or NewsGator Desktop, they’re actually much less.

Both FeedDemon and Desktop use and embedded copy IE, but with much more control over what IE will allow to run. In both programs, javascript is disabled which thwarts most common exploits. Since Inbox is an Outlook add-in, it also inherits Outlook’s security model as further protection.

Nick Bradbury has a post (http://nick.typepad.com/blog/2006/08/feed_security_a.html) which goes into more detail about FeedDemon.

On top of that, our enterprise solution uses a centeral server that does the actual retrieval of RSS items then distributes it out to users within the enterprise. As items are retrieved they are scrubbed of potential security issues before they are delivered to end users. It adds another layer of security on top of the things you mention.

By: Shaun Drutar

Shaun Drutar — Fri, 22 Feb 2008 05:27:09 +0000

So you talk about security from the perspective of the publisher. I would like to hear your thoughts on risks to the end user. Thus far RSS subscribers are exposed to similar risks as web browsers. The real exception here is the automated download of RSS and podcast type content. In corporate environments “most” RSS users are protected by the various layers of web content filtering already in place for HTTP traffic. Add anti-virus and other host based defenses, you are somewhat protected as a subscriber. If you account for zero-day exploits and attacks, the risk from RSS is very real…but still somewhat mitigated.

By: Dui

Dui — Wed, 20 Feb 2008 05:51:22 +0000

I know this article is rather old, but is this still a problem with RSS today? I just stumbled on this page. Honestly, I wasn’t aware that this was even an issue.

By: SEO

SEO — Sun, 19 Aug 2007 07:12:52 +0000

I loved the article, having RSS on a few of my sites this has really opened my eyes to RSS.

Thanks.

By: Alessandro

Alessandro — Tue, 03 Apr 2007 15:58:23 +0000

I believe that RSS should remain open and public standart. if you need any private solution - choose somethink else. RSS was initially created for public.

By: nooked™ - really simple shopping

nooked™ - really simple shopping — Tue, 06 Mar 2007 14:35:28 +0000

Pingback

By: ckunte.com | Jumpers

ckunte.com | Jumpers — Thu, 16 Mar 2006 16:05:03 +0000

Pingback

By: Greg Reinacker

Greg Reinacker — Sun, 12 Feb 2006 02:19:49 +0000

Nalaka, if you’re using Windows, I’d recommend NewsGator Outlook edition or FeedDemon. :-)

By: Nalaka

Nalaka — Sat, 11 Feb 2006 02:55:01 +0000

Im looking for a RSS desktop aggregator with HTTP Digest Authentication support.

any ideas?

By: Yet another blog » RSS Security

Yet another blog » RSS Security — Thu, 22 Dec 2005 16:37:32 +0000

Pingback