Thursday 10 March 2011

RSS Aggregators and their Security



Many RSS readers, news aggregators, and podcatchers automatically download whatever the enclosure field points to, regardless of its file type or source.

A malicious feed can carry scripts that install malware capable of running almost any further code, or scripts that simply steal cookies, for example.

These exploits typically ride inside the HTML content of feed items: the harmful script runs once the item has been downloaded and rendered by the reader. There is no immediate way to tell that a feed is infected, and even after something goes wrong you may not be able to tell whether the feed was the cause.

Some developers of RSS aggregators have become more aware of this security problem and have built their own protections, each taking a different approach.

FeedDemon uses an editable safelist of file types as well as allowing users to monitor what files are automatically downloaded. FeedDemon also contains hard-coded warnings related to specific file types.

The developers of ByteScout took a different approach to enclosure files: ByteScout downloads nothing automatically and requires user intervention for each download.
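The two approaches above (an editable safelist of file types with warnings for risky ones, versus asking the user for every download) can be combined into a single enclosure triage policy. The following is an added illustration, not code from FeedDemon or ByteScout; the feed, safelist and warning list are constructed for the example, and the reader is assumed to fetch only items classified "auto" without asking.

```python
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample feed (not from any real site). The second item points at an
# executable, the third declares a MIME type that does not match its extension.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0">
  <channel>
    <title>Example podcast</title>
    <item>
      <title>Episode 1</title>
      <enclosure url="https://media.example.test/ep1.mp3" length="1024" type="audio/mpeg"/>
    </item>
    <item>
      <title>Bonus content</title>
      <enclosure url="https://cdn.example.test/update.exe" length="2048" type="application/octet-stream"/>
    </item>
    <item>
      <title>Show notes</title>
      <enclosure url="https://media.example.test/notes.pdf" length="512" type="audio/mpeg"/>
    </item>
  </channel>
</rss>"""

# Editable safelist (assumed policy): only these extension/MIME pairs are fetched
# without asking, and both the extension and the declared type must agree.
SAFE_EXTENSIONS = {".mp3": "audio/mpeg", ".m4a": "audio/mp4", ".ogg": "audio/ogg"}

# Hard-coded warning list (assumed), in the spirit of per-file-type warnings:
# these are never fetched automatically and the user is warned before any download.
WARN_EXTENSIONS = {".exe", ".msi", ".scr", ".bat", ".cmd", ".js", ".vbs", ".jar", ".zip"}


def classify_enclosure(url, declared_type):
    """Return 'auto' (fetch silently), 'ask' (confirm), or 'warn' (confirm with warning)."""
    parsed = urlparse(url)
    # Only plain web URLs are ever considered; file://, ftp:// and the like are warned on.
    if parsed.scheme.lower() not in ("http", "https"):
        return "warn"
    ext = posixpath.splitext(parsed.path)[1].lower()
    if ext in WARN_EXTENSIONS:
        return "warn"
    if ext in SAFE_EXTENSIONS and SAFE_EXTENSIONS[ext] == declared_type.strip().lower():
        return "auto"
    # Anything not explicitly safelisted falls back to per-download user intervention.
    return "ask"


def triage_feed(xml_text):
    """Return (item title, enclosure URL, decision) for every enclosure in the feed."""
    root = ET.fromstring(xml_text)
    decisions = []
    for item in root.iter("item"):
        enclosure = item.find("enclosure")
        if enclosure is None:
            continue
        url = enclosure.get("url", "")
        mime = enclosure.get("type", "")
        decisions.append((item.findtext("title", ""), url, classify_enclosure(url, mime)))
    return decisions


if __name__ == "__main__":
    for title, url, decision in triage_feed(SAMPLE_FEED):
        print(f"{decision:5} {title!r} -> {url}")
```

Requiring the declared MIME type and the URL extension to agree before auto-fetching means a feed cannot slip a non-audio file through by labelling it `audio/mpeg`; the mismatch simply drops the item back to "ask".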


Monday 21 February 2011

RSS Feed and RSS Reader Security Risks



Anti-malware applications and spam filters are now widely used by nearly all users. Yet digital garbage may still be pouring into your machines from an unsuspected source: RSS and Atom feeds.

Both feed formats automatically deliver updated news and other types of Web information directly to subscribers' readers and aggregators. But feeds can also be used by hackers to secretly transfer viruses, Trojan horses, worms and various other types of malware. That's because feed suppliers often scoop up content automatically without giving thought to the code's safety. As a result, data, both good and bad, is transferred directly to subscribers' computers.

Malware, such as bad HTML and JavaScript, can enter the feeds of even well-known and respected RSS and Atom content suppliers when material is pulled in from other sources without first being checked.

Furthermore, the supplier itself may be a source for yet other suppliers. Such "re-syndication," which exposes content to perhaps millions of computers within just a few hours, makes RSS and Atom feeds a tempting delivery medium for savvy hackers.

What to Do

Simply banning the use of readers and aggregators isn't a good idea, since the move will deny users access to truly useful content, such as news updates. A better approach is to ensure that an approved reader or aggregator contains tools that can strip away malicious code before it can do any damage.

Some vendors are aware of the feed security problem and have taken the steps necessary to address it. Microsoft, for example, meets these criteria. According to Microsoft, the company's Windows Vista and Internet Explorer 7 products employ a dual-pronged approach to feed security:
  1. Sanitization: The Windows RSS Platform uses several techniques to strip out dangerous JavaScript, and several other variations of malicious HTML, before storing the feed content.
  2. Restricted Feed View: In the event the first step misses an intruder, Internet Explorer's feed view uses a Restricted Zone approach to spot problematic feeds so that no dangerous script in a feed will ever run, even if it made it through the previous step.
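The sanitization step above (stripping script and other dangerous HTML from feed content before it is stored) can be illustrated with an allowlist-based HTML filter. This is an added example and not the Windows RSS Platform's code: the allowed tags and attributes, the URL scheme rules and the sample feed are all constructed for the illustration. It keeps only known-harmless markup, drops the whole body of script-like elements, removes every `on*` event-handler attribute, and rejects link and image URLs whose scheme is not plain web or mail.

```python
import html
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed policy: anything not listed here is removed.
ALLOWED_TAGS = {"p", "a", "b", "i", "em", "strong", "ul", "ol", "li", "br",
                "img", "blockquote", "code", "pre"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto", ""}   # "" covers relative URLs
# The contents of these elements are dropped entirely, not just the tags.
DROP_CONTENT_TAGS = {"script", "style", "iframe", "object", "embed", "noscript"}
VOID_TAGS = {"br", "img"}


class FeedSanitizer(HTMLParser):
    """Rebuilds an HTML fragment from an allowlist of tags and attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0   # >0 while inside a DROP_CONTENT_TAGS element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            name = name.lower()
            # Event handlers and any attribute not allowlisted for this tag are dropped.
            if name.startswith("on") or name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name in URL_ATTRS:
                # HTMLParser has already decoded entities in the value, so an
                # entity-encoded scheme is seen in its decoded form here.
                scheme = urlparse((value or "").strip()).scheme.lower()
                if scheme not in SAFE_SCHEMES:
                    continue
            kept.append(f' {name}="{html.escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            if self.skip_depth:
                self.skip_depth -= 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text is re-escaped on output so decoded entities cannot become markup.
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=False))


def sanitize_html(fragment):
    parser = FeedSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


# Constructed sample feed: the second item mimics re-syndicated content carrying
# an inline script, an event handler and a javascript: link.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Aggregated news</title>
<item><title>Harmless post</title>
<description><![CDATA[<p>Read <a href="https://news.example.test/a">more</a></p>]]></description></item>
<item><title>Re-syndicated post</title>
<description><![CDATA[<p onmouseover="x()">Hi</p><script>alert(1)</script><a href="javascript:alert(1)">click</a><img src="x" onerror="alert(1)">]]></description></item>
</channel></rss>"""


def sanitize_feed(xml_text):
    """Return (title, sanitized description HTML) for each item, ready to store."""
    root = ET.fromstring(xml_text)
    return [(item.findtext("title", ""), sanitize_html(item.findtext("description", "")))
            for item in root.iter("item")]


if __name__ == "__main__":
    for title, body in sanitize_feed(SAMPLE_FEED):
        print(f"{title}: {body}")
```

Sanitizing at ingestion, before the item is written to the reader's store, is what makes the second layer (rendering in a restricted zone with script disabled) a backstop rather than the only defence: even if the filter misses a variant, the stored content is never rendered with script enabled.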

Monday 10 January 2011

Main points to know about RSS Aggregators

Information everyone should know about RSS aggregators:

1) RSS stands for Really Simple Syndication (it has also been expanded as Rich Site Summary). RSS is an XML-based format for content distribution.

2) An RSS feed is a set of instructions residing on the computer server of a Web site, which is given upon request to a subscriber’s RSS reader, or aggregator. The feed tells the reader when new material — such as a news article, a blog posting, or an audio or a video clip — has been published on the Web site.

3) Feed reader or news aggregator software allows you to grab the RSS feeds from various sites and display them for you to read and use. Some popular feed readers include Amphetadesk (Windows, Linux, Mac), FeedReader (Windows), and NewsGator (Windows; integrates with Outlook). There are also a number of web-based feed readers available. My Yahoo, Bloglines, and Google Reader are popular web-based feed readers.

4) Google Reader is a Web-based aggregator, capable of reading Atom and RSS feeds online or offline. It was released by Google on October 7, 2005 through Google Labs. 

5) Websites summarize content in an RSS feed. Visitors download an RSS reader. There are generally two different types of RSS readers: the first kind is a self-contained program, the second kind runs inside a web browser. Visitors select the content and summaries they wish to view in a news aggregator or RSS reader. Each time the feed is updated, the RSS reader indicates that there is new content.

6) Because Atom is a newer format than RSS, not all aggregators are capable (as of February 2004) of reading Atom feeds. If you enjoy using an aggregator that doesn't understand Atom, but you still want to read websites that syndicate in Atom but not RSS, you can use a tool that converts Atom feeds into RSS feeds, such as Atom2RSS, by 2RSS.