|
|
|
Getting the Most From Your Digital Camera Memory Card
Imagine taking your new digital camera on a vacation and then realizing that you can barely click 20-30 images at a go. So, what do you do to avoid such a situation? The answer to this question lies in the purchase of an extra memory card or two. ...
Nokia Themes: Celebrate In Style
Whether you're celebrating a holiday or a birthday, an anniversary or graduation, or you just want to express yourself, a Nokia theme can be the way to do it. With new bright colored screens and great polyphonic theme music, your Nokia phone can...
The Apple Ipod Is A Great Learning And Resource Tool As Well!
Using the iPod to gain knowledge quickly and effectively!
There is no doubt that the Apple iPod has become a common item amongst today's youth as a great music player. But is the iPod more than just a music player?
In fact, the iPod is more...
What You Should Really Know About the Sony Mp3 Players
The Sony NW-HD5 20GB hard drive audio player is a solid competitor: It certainly has a leg up on its wheel-sporting white rival in the battery life department, and it has a couple of navigation features that should make Apple take note.
Sony has...
Who Else Wants to Explode Their Sales with
Audio is not new to the Internet. Several marketers have been
using it for years and have successfully proven that audio does
increase sales. I have read that audio can increase your sales
by as much as 300% and some report up to 426% increase in...
|
|
| |
|
|
|
|
RSS Security
RSS is growing at a lightening speed. What was once
only known as a "techie tool", RSS is
becoming a tool that is continuously being used
by the general population. Along with the good comes,
the not so good. And while some have mentioned the
emergence of RSS spam, where content publishers
dynamically generate nonsensical feeds stuffed with
keywords, the real concern relates to security.
While an annoyance to the search engines, spam in
RSS feeds pales in comparison to the possible security
concerns that could be in RSS' future.
Security Implications Related to RSS.
As RSS gains momentum security fears loom
large. As publishers are quickly finding innovative
uses for RSS feeds, hackers are taking notice. The
power and extendibility of RSS in its simplest form
is also its achilles heel. The expansion capabilities
of the RSS specification, specifically the "enclosure"
field which has launched the podcasting phenomenon,
is where the vulnerabilities lie. The enclosure
field in itself is not the problem, in fact the
majority of RSS feeds do not even use the enclosure
tag. The enclosure tag is essentially used to link
to file types, things like images, word documents,
mp3 files, power point presentations, and executables
and can be thought of in similar terms to email
attachments.
The fact that RSS can be used to distribute these
file types has opened a myriad of doors to users
of the syndication standard, but also has created
cause for concern. Most people do not feel that
the risk is significant because people "choose"
the content that they receive, and while it might
make the distribution of malware, viruses and spy
applications via RSS less prevalent, their is still
the inherent risk of a infected file being distributed.
The problem is one of both technology and lack of
education.
The danger lies in the fact that many RSS
readers, news
aggregators, or pod-catchers automatically
download the information contained in the enclosure
field regardless of its file type or source.
Most RSS developers acknowledge the risks associated
with the enclosure field, but few have had the forethought
to include filtering, screening or authentication
capabilities and many automatically download enclosures.
Nick Bradbury of Bradsoft/NewsGator seems to be
proactive, designing FeedDemon with security in
mind. FeedDemon uses an editable safelist of file
types as well as allowing users to monitor what
files are automatically downloaded. FeedDemon also
contains hard-coded warnings related to specific
file types.
Developers of ByteScout took a different approach
to the handling of enclosure files, ByteScout does
not automatically download anything without user
intervention for each download.
Unfortunately, not all RSS readers, aggregators
and podcatchers consider the possible security implications
associated with RSS feeds and podcasts, some will
automatically download enclosures without warning
or any thoughts of security. Be sure to examine
how your RSS reader handles files contained in the
enclosure field of an RSS feed.
With the increased use of RSS and podcasting, the
security risks increase with it. Their is cause
for concern, however proactive users and conscientious
developers can easily subvert the risk by taking
precautions seriously. Computer viruses and malware
are cause for legitimate concern, there is ample
time and action that can avert potential problems.
About the Author
Sharon Housley manages marketing for FeedForAll
http://www.feedforall.com
software for creating, editing, publishing RSS feeds
and podcasts. In addition Sharon manages marketing
for FeedForDev
|
|
|
|
| | |