Of course, having decided to try browsing via RSS feeds a few days ago (and, btw, I am loving the convenience of seeing which of the pages I read regularly has new content), Slashdot has to link to a whitepaper describing the security risks in subscribing to RSS and Atom feeds. They’re what you would expect – the standard potential for the site owner to insert malicious code in the feed, along with concerns that, because of the ability to put third-party feeds in what might be an otherwise trusted site, feeds allow insertion of exploits into new realms. The advice seems to be to only subscribe to feeds at trustworthy sites, be careful about subscribing to feeds that include third-party content such as comments if they aren’t filtered for malicious code, and set your browser preferences to disallow embedded code from running amok on your computer.
I’ve actually been catching up on my security reading the past week, and it reminded me that I never posted a link here to my write-up of our end-of-the-course project in my Cyberattacks class this past January, where we spoofed an APC and a Microsoft fingerprint scanner using modeling clay, wax, and other household materials. I managed to capture some video of the spoofs working, which is linked on the page, but I also tried to give a fairly detailed description of what did and didn’t work.