[development] feeds as an attack vector?

Chris Johnson chris at tinpixel.com
Wed Aug 9 15:29:31 UTC 2006

At http://intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite Sam Ruby writes:

"It is just a matter of time.  One of these days, some hacker will deface a 
popular site like Engadget.  But instead of putting something visible on the 
site, they will put something invisible in the feed.

By the magic of syndication, that data will then be distributed like spores to 
untold thousands of locations.  In the process it will be transported from a 
relatively untrusted location (like BoingBoing) to a place of equal or greater 
trust.  Places like popular portal sites, or just perhaps, to your very own 
hard drive.

From there, it will lie in wait until you check for news.  Invisibly it will 
spring into action.  You won’t even notice it running.  It will be able to do 
things that vary from uploading your preferences and passwords to a remote 
location, to downloading malware onto your machine.  Shortly thereafter, this 
entry will be marked as read, or scroll off the bottom of your river of news, 
and you will never know how you just got p0wned."

It seems like it would be worth thinking about this when working on any part 
of Drupal that aggregates or generates feeds.


