 |
 |
 |
 |
 |
Information about your favorite browser: news, articles and more.
Microsoft Defends IE 7s RSS Security
Published August 12th, 2006 in All Categories, Internet Explorer, Internet Explorer 7, Security
Microsoft on Tuesday countered criticism leveled at Internet Explorer 7’s implementation of RSS, 
and said that the browser includes several defensive techniques to keep attackers from using feeds to infect users’ PCs.
Last week, Bob Auger, an engineer with Web security vendor SPI Dynamics, and Caleb Sima, one of the company’s co-founders, gave a presentation at Black Hat that discussed ways criminals could compromise computers using scripts in RSS (Real Simple Syndication) feeds. By creating a malicious blog site, for example, an attacker could inject noxious JavaScript code via an RSS feed to end users’ machines. Like other script-based attacks, the end result could be anything from identity theft to computer hijack.
Although Microsoft’s IE 7 wasn’t specifically targeted in the presentation, Walter VonKoch, a program manager for Internet Explorer, responded with a blog entry that detailed the browser’s RSS security steps. Microsoft Defends IE 7’s RSS Security - VARBusiness
