Microsoft Defends IE 7's RSS Security

Microsoft on Tuesday countered criticism leveled at Internet Explorer 7's implementation of RSS, and said that the browser includes several defensive techniques to keep attackers from using feeds to infect users' PCs.

Last week, Bob Auger, a co-founder of Web security vendor SPI Dynamics, gave a presentation at Black Hat that discussed ways criminals could compromise computers using scripts in RSS (Real Simple Syndication) feeds. By creating a malicious blog site, for example, an attacker could inject noxious JavaScript code via an RSS feed to end users' machines. Like other script-based attacks, the end result could be anything from identity theft to computer hijack. Microsoft Defends IE 7's RSS Security - VARBusiness

Linked by shanmuga Thursday, 10th August 2006 2:34AM