One new feature of "Web 2.0", the movement to build a more responsive
Web, is the use of XML content feeds based on the RSS and Atom
standards. These feeds allow both users and Web sites to obtain content
headlines and body text without needing to visit the site in question,
basically providing users with a summary of that site's content. Unfortunately,
many of the applications that receive this data do not consider the security
implications of using content from third parties and unknowingly make
themselves and their attached systems susceptible to various forms of
attack.
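
An added example (not taken from the white paper) of the mistake described above: a feed reader that drops item fields into a page as markup, next to a version that treats every field as untrusted text. The sample feed, the function names and the http/https allow-list are assumptions made for this illustration.

```python
import html
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample feed: title, link and description are third-party input.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example</title>
<item>
  <title>Breaking &lt;script&gt;alert(1)&lt;/script&gt; news</title>
  <link>javascript:alert(1)</link>
  <description>&lt;img src=x onerror=alert(1)&gt;Body text</description>
</item>
<item>
  <title>Ordinary headline</title>
  <link>https://feeds.example/story/2</link>
  <description>Plain summary &amp; nothing else</description>
</item>
</channel></rss>"""

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web links are wanted

def parse_items(feed_xml):
    """Return (title, link, description) tuples; the XML parser unescapes entities."""
    root = ET.fromstring(feed_xml)
    return [(i.findtext("title", ""), i.findtext("link", ""),
             i.findtext("description", "")) for i in root.iter("item")]

def render_unsafe(items):
    """The naive aggregator: feed text is concatenated into the page as markup."""
    return "".join(f'<li><a href="{l}">{t}</a> {d}</li>' for t, l, d in items)

def safe_link(link):
    """Keep only http(s) URLs; anything else becomes an inert '#'."""
    link = link.strip()
    try:
        scheme = urlsplit(link).scheme.lower()
    except ValueError:  # malformed URL
        return "#"
    return link if scheme in ALLOWED_SCHEMES else "#"

def render_safe(items):
    """Escape every field for HTML and allow-list the link scheme."""
    return "".join(
        f'<li><a href="{html.escape(safe_link(l), quote=True)}">'
        f'{html.escape(t)}</a> {html.escape(d)}</li>'
        for t, l, d in items)
```

Escaping the description shows it as plain text; a reader that must display HTML descriptions needs an allow-list HTML sanitizer instead.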

This white paper discusses various forms of attacks based on Web feeds that
follow the RSS, Atom and XML standards. This paper does not extensively
cover each XML element and its usage within Web-based feeds, nor does it
address other vulnerability scenarios such as buffer overflows and other
XML-specific risks. The goal of this paper is to outline the risks of lesser-known
threats which are currently emerging on the Web utilizing Cross-Site
Scripting

Hacking Feeds PDF