Is this of interest to us? Do we know about it?
Black Hat USA 2006 Topics and Speakers: “Zero Day Subscriptions: Using RSS and Atom feeds As Attack Delivery Systems
Robert Auger, Security Engineer, SPI Dynamics Inc., Co-Founder, Web Application Security Consortium
Caleb Sima, CTO and Co-Founder, SPI Dynamics
This presentation will discuss the use of RSS and Atom feeds as a method of delivering exploits to client systems. In our research we have found a number of RSS clients, both local and web-based, that are far too trusting of the content that is delivered via feeds. Although this content arrives as well-formed XML, fundamentally it originated as user input elsewhere. Like any such data, it can contain malicious and malformed content, yet many clients fail to guard against this. And though such content by definition originates remotely, many clients use methods of display that cause it to be trusted as if it were locally originated.”
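As an added illustration of the client-side guard the abstract says many readers lack (this is not code from the talk or from the post above), the sketch below renders feed items while treating every field as untrusted text. The sample feed, the function names and the http/https allowlist are assumptions made for the example.

```python
import html
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample feed: the second item carries markup in its text fields
# and a non-http link, the kind of content a feed can relay from user input.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Constructed feed</title>
<item><title>Plain entry</title>
<link>https://example.com/post/1</link>
<description>Just text.</description></item>
<item><title>&lt;b&gt;Bold&lt;/b&gt; title</title>
<link>javascript:alert(1)</link>
<description>&lt;script&gt;alert(1)&lt;/script&gt;Hello</description></item>
</channel></rss>"""

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the reader only opens web links


def safe_link(url):
    """Return the URL only if it is an absolute http(s) link, else None."""
    url = (url or "").strip()
    parts = urlsplit(url)
    if parts.scheme.lower() in ALLOWED_SCHEMES and parts.netloc:
        return url
    return None


def render_items(feed_xml):
    """Render each <item> as HTML, escaping every feed-supplied field."""
    # Note: ElementTree does not defend against entity-expansion attacks;
    # a production reader should parse with a hardened XML parser.
    root = ET.fromstring(feed_xml)
    rendered = []
    for item in root.iter("item"):
        title = html.escape(item.findtext("title", default=""), quote=True)
        body = html.escape(item.findtext("description", default=""), quote=True)
        link = safe_link(item.findtext("link", default=""))
        if link:
            heading = '<a href="{}">{}</a>'.format(html.escape(link, quote=True), title)
        else:
            heading = title  # links with unexpected schemes are dropped
        rendered.append("<article><h2>{}</h2><p>{}</p></article>".format(heading, body))
    return rendered


if __name__ == "__main__":
    for fragment in render_items(SAMPLE_FEED):
        print(fragment)
```

The output should still be displayed in a remote-content context (for a desktop reader, not a local-file or privileged zone), since escaping alone does not address the local-trust problem the abstract describes.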