Even our friend RSS, is not without it’s challenges, folks. Security people, nothing is immune.

LAS VEGAS–Reading blogs via popular RSS or Atom feeds may expose computer users to hacker attacks, a security expert warns.

Attackers could insert malicious JavaScript in content that is transferred to subscribers of data feeds that use the popular RSS (Really Simple Syndication) or Atom formats, Bob Auger, a security engineer with Web security company SPI Dynamics, said Thursday in a presentation at the Black Hat security event here.

The problem doesn’t affect only blogs–any kind of information feed using any kind of format could potentially be used to transmit malicious content to a subscriber, Auger said. People, for example, subscribe to mailing lists and news Web sites via RSS, he said, noting “this is about the entire concept of Web feeds.”

SPI Dynamics examined a number of online and offline applications used to read RSS and Atom feeds. In many cases, any JavaScript code delivered on the feed would run on the user’s PC, meaning it could be vulnerable to attack, Auger said. JavaScript is a scripting language that experts say is increasingly causing security concerns. … Source: News.com