IDG News Service - Microsoft Corp. will be taking a closer look at the security of a new Web publishing technology it plans to integrate into the next major version of Windows, code-named Longhorn.
Microsoft plans to offer ways for developers to use the RSS (Really Simple Syndication) standard to create Windows applications, but the company first wants to talk about the security implications of such a move.
Developers should expect to discuss RSS security at Microsoft's upcoming Professional Developers Conference, to be held in Los Angeles this September, said Robert Scoble, a Microsoft technical evangelist writing in a recent Web log posting. "This is something we all need to do a lot of thinking and work on," he said.
RSS is used primarily as a way of letting Web surfers know when new articles have been posted to Web sites, but they must use special software in order to view and subscribe to RSS feeds. With Longhorn, which is expected in the second half of 2006, that capability will be built into the operating system. Microsoft will also provide new tools so that developers can more easily build Windows applications that use the protocol.
Microsoft declined to say what, if any security concerns it has about RSS, but observers say that once it is included in Windows, RSS will be a much more appealing target to attackers. Jupiter Research estimates that the protocol is used by about 6% of U.S. consumers, but once it is embedded in Windows that number will jump substantially
As Web browsers and e-mail clients moved into the mainstream, so too did worms and viruses, said Rich Miller, an analyst with Netcraft Ltd. Some are concerned that the same pattern may emerge with RSS readers, he said. "Once that becomes a technology that's on everybody's desktop and can be accessed using the Windows operating system, that changes the dynamic quite substantially."
Though there haven't yet been any major security risks associated with RSS, which is generally considered more secure than many other Web technologies, security may become more of an issue as RSS begins to be used for a wider variety of tasks.
"We have an opportunity to look at ways we could build into RSS some of the security features that we wished had been present in e-mail," said Phillip Hallam-Baker, principal scientist with VeriSign Inc.
Phishing, for example, could become a problem as new applications are developed for RSS, he said. "At the moment, I don't see that there is a phishing issue with RSS," he said. "However, if banks start using it to distributestatements, it may become an issue."
"The more automation that people have built [into RSS], the more places that you might have somebody work out some dirty trick," Hallam-Baker said. "Are we going to make sure we've locked down as many rat holes as we could have done, or are we going to find that if we'd put better security in there, we'd be happier with the result?" he asked.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts