BLACK HAT - Blog readers vulnerable to embedded malware
- 04 August, 2006 08:23
Reading blogs could cause your computer to catch a virtual cold, said a leading security expert Wednesday at the Black Hat USA conference.
Internet users who employ Web-based services such as Bloglines or Web browsers such as Firefox to read Web site feeds and blogs are vulnerable to embedded malicious code that can install spyware, log users' passwords, scan PCs and corporate networks for open ports and more, said Caleb Sima, chief technology officer at SPI Dynamics, a Web application security company.
So far, only a few proof-of-concept attacks against blog readers from Google and Yahoo have occurred, Sima said, though he believes that more are on the way.
Seemingly random strings of characters such as "
Finally, because RSS and Atom readers don't typically authenticate the publisher of each feed every time they download, they might blindly download feeds sent by an impersonating or infected Web publisher, Sima said.
In the absence of blog readers filtering their feeds, Sima recommends that CIOs and chief information security officers start treating individual PCs as potential attack points.