bsod

Vulnerabilidades en RSS

Posted by myself - 23/02/07 at 07:02:37 pm

Para los que no lo sepan, RSS es uno de los bastiones de la comunicación de la era 2.0. Al menos, así lo considero yo. RSS significa Really Simple Syndication y permite que un sitio web sea realmente portable. 

Usualmente se le conoce como Feeds, y muestra el contenido de un sitio en un lector hecho para tal fin. Últimamente, los navegadores traen lectores de feeds, lo que permite que puedan accederse desde una sola aplicación.

Hasta aquí la cosa es bonita.

Desde hace algún tiempo se viene comentando una de las debilidades más grandes detrás de los Feeds. Ésta se refiere a que uno supone que no conllevan ningún riesgo. Tanto así, que los desarrolladores, prestan poca atención al código que pueda ser insertado en los feeds, a la hora de crear los programas lectores. Desde entonces, se habla mucho sobre la facilidad de insertar JavaScripts en los feeds para explorar alguna vulnerabilidad.

Hoy me encuentro con una nota, que vuelve a recordar la facilidad con la que los Feeds pueden ser utilizados para atacar e incluso, va más allá, indicando que nuevos gusanos pueden ser liberados usando esta tecnología.

 

"Unfortunately, many of the applications that receive [feed] data do not consider the security implications of using content from third parties and unknowingly make themselves and their attached systems susceptible to various forms of attack," Robert Auger, formerly of SPI Dynamics, said in a white paper released last year.

As a result, the "potential for using Web-based feeds as an exploit deployment vector for both known and zero-day exploits is rather large," he said. The issue is amplified when a feed is resyndicated to other sites. "The potential exposed user base could be in the millions, making it an attractive method for worm deployment," Auger wrote.

One relatively easy way that hackers can take advantage of a feed is to plant a comment containing malicious JavaScript on a blog site that allows readers to leave comments. If the blog's RSS feed is set up to deliver comments as part of the feed, the malicious code gets distributed to subscribers, Dickenson said.

A hacker might also choose to distribute a tainted blog feed to a trusted content-aggregation site, from which the malicious code could get distributed to users who are subscribed to the aggregator's feeds, Grossman said.

Given the number of RSS readers being downloaded every day and the number of Web sites that aggregate and publish RSS feeds, it's easy to see why feed injection could become an even bigger nuisance than spam, Dickenson said.

An analysis of malware samples with embedded URL links showed that hackers are already turning to blog feeds in a big way, Dickenson added. Of the 60,000 malware samples studied by Authentium recently, more than 1,000 had URL links with the word "blog" in them, he said.

 Desde [ ComputerWorld : Read Rss, get hacked ]

1 Comment »

RSS feed for comments on this post. TrackBack URI

1. [...] pensar que el uso de los feeds para este tipo de acciones era mucho más factible, ya que los lectores de feeds no suelen proveer protección o bloqueo de código script. Pero uno se encuentra con la limitación de que el usuario debe acceder al feed. Y puedo [...]

   Pingback by bolsanegra.blog » El CSS y tus huellas en la red — March 20, 2007 #

Leave a comment

Name (required)

Mail (will not be published) (required)

Website

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

FEED / RSS / EL PERRITO

Los Blogs

Search