RSS is growing at a lightening speed. What was once only known as a “techie tool”, RSS is becoming a tool that is continuously being used by the general population. Along with the good comes, the not so good. And while some have mentioned the emergence of RSS spam, where content publishers dynamically generate nonsensical feeds stuffed with keywords, the real concern relates to security. While an annoyance to the search engines, spam in RSS feeds pales in comparison to the possible security concerns that could be in RSS’ future.
Security Implications Related to RSS.
As RSS gains momentum security fears loom large. As publishers are quickly finding innovative uses for RSS feeds, hackers are taking notice. The power and extendibility of RSS in its simplest form is also its achilles heel. The expansion capabilities of the RSS specification, specifically the “enclosure” field which has launched the podcasting phenomenon, is where the vulnerabilities lie. The enclosure field in itself is not the problem, in fact the majority of RSS feeds do not even use the enclosure tag. The enclosure tag is essentially used to link to file types, things like images, word documents, mp3 files, power point presentations, and executables and can be thought of in similar terms to email attachments.