Do You Know If That RSS Feed Subscription Is Safe?

In case you don’t know, RSS stands for Really Simple Syndication and/or Rich Site Summary. It’s a method for distributing content via an XML format. You can subscribe to RSS feeds from any site that offers them, usually blogs, and then read them using RSS readers on your computer. It’s an efficient and convenient process that many people enjoy.

So let’s delve a little deeper into RSS…

As you now know, or probably already knew, there are RSS feeds and RSS readers. The latter are also known as RSS aggregators, or feed readers. And the feeds contain the content you’re looking for from RSS enabled static sites and blogs. The reader is a software program installed on your home computer.

Now let’s get to the meat of the matter and discuss some security vulnerabilities associated with RSS.

There are risks and vulnerabilities with feeds as well as readers. These risks are inherent with the entire process and is too large a subject to cover in a single blog post.

RSS feed vulnerabilities:

The major security issues with feeds involve a variety of scripts that are injected into the feeds and become incorporated into the normal feed elements. Of course this occurs upstream to your computer, and it’s performed in such a way that it looks like normal feed data.

Some of the exploited RSS elements are: Feed Item links, titles, description XML components; and feed titles. Some Atom feed elements are: Feed title, sub title, author name, and entry updates.

The HTML literal injection exploit:

These involve placement of scripts within literal HTML tag inclusions. In particular cases, when there are HTML tags within a feed, the content is displayed in a literal fashion. When an RSS reader, or aggregator, sees these tags, they’re executed as literals and the scripts they contain are executed.

An infected feed can include scripts that install malicious software that perform additional executions of pretty much any kind, or they can just steal cookies, for example. It all depends on the degree of harmful intent - and your luck of the draw.

The HTML entity injection exploit:

Basically, these exploits are normally read and executed within HTML entities of the RSS feed. The harmful scripts are executed after they arrive on your computer and are read. There’s no way of knowing if you’re reading an infected RSS feed, not right away at least. But still, you won’t know if the RSS feed caused your problem, or not.

Entity injections bring into play issues with ‘local zones’ within your computer. This happens because readers usually store their data within a local directory file, and then you’ll be left with local zone security vulnerabilities within your PC.

A local zone security problem can arise if the infected file has ActiveX configured to read/write files to your hard disk. Then that file can be read and sent to anywhere the hacker specified it to be sent on the net. That is how critical and personal data and information can be stolen from your computer.

The disheartening news about all this is that it’s extremely difficult to use RSS feeds in a safe manner. You can use a reader that removes HTML entities and any meta characters before displaying the feed. Also, you can use a feed reader that strips various tags such as: object, frameset, script, embed, link, meta, etc.

Proceed with caution…

Share/Save/Bookmark