Blog readers are vulnerable to malicious codes

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
By Renata Vincoletto

Do you like to read a blog? Every day, before start to work, do you
read your favorite one? What do you use to be updated? RSS? Atom?

If yes, your computer could catch a virtual cold, says SPI Dynamics CTO
( )

Software and services used to download feeds transmitted via the RSS or
Atom formats can download and execute JavaScript code buried within the

And you are not safe, even if you use trustable services like
Bloglines, or readers like Firefox, because web feed could contain a
link to another Web site or blog that's hosting malicious JavaScript.
Or maybe a blog might have an area allowing readers to post public
comments. Those can also store malicious bits of JavaScript.

The best way to guard against these sorts of attacks would be for
blog-reading software and services to re-encode all JavaScript it
receives to render it harmless. Creating this filter would not cause
feeds to arrive much slower. But until as we know, no blog-reading
software or service re-encodes the JavaScript codes.

My comment: Take care! Don't forget to use a good anti-virus, firewall
and anti-spyware!

Read more:

Re: Blog readers are vulnerable to malicious codes wrote:

Quoted text here. Click to load it

What exactly is "malicious" JavaScript?

Quoted text here. Click to load it

Who cares? Not every RSS reader actually displays content in such a fashion
that JavaScript is executed at all. Just take the extension Sage for
Mozilla/Firefox - it renders to a text list field.

Quoted text here. Click to load it

Oh, even more bullshit.

Site Timeline