Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Microsoft ready to discuss RSS security

June 30, 2005 12:00 PM ET

IDG News Service - Microsoft Corp. will be taking a closer look at the security of a new Web publishing technology it plans to integrate into the next major version of Windows, code-named Longhorn.
Microsoft plans to offer ways for developers to use the RSS (Really Simple Syndication) standard to create Windows applications, but the company first wants to talk about the security implications of such a move.
Developers should expect to discuss RSS security at Microsoft's upcoming Professional Developers Conference, to be held in Los Angeles this September, said Robert Scoble, a Microsoft technical evangelist writing in a recent Web log posting. "This is something we all need to do a lot of thinking and work on," he said.
RSS is used primarily as a way of letting Web surfers know when new articles have been posted to Web sites, but they must use special software in order to view and subscribe to RSS feeds. With Longhorn, which is expected in the second half of 2006, that capability will be built into the operating system. Microsoft will also provide new tools so that developers can more easily build Windows applications that use the protocol.
Microsoft declined to say what, if any security concerns it has about RSS, but observers say that once it is included in Windows, RSS will be a much more appealing target to attackers. Jupiter Research estimates that the protocol is used by about 6% of U.S. consumers, but once it is embedded in Windows that number will jump substantially
As Web browsers and e-mail clients moved into the mainstream, so too did worms and viruses, said Rich Miller, an analyst with Netcraft Ltd. Some are concerned that the same pattern may emerge with RSS readers, he said. "Once that becomes a technology that's on everybody's desktop and can be accessed using the Windows operating system, that changes the dynamic quite substantially."
Though there haven't yet been any major security risks associated with RSS, which is generally considered more secure than many other Web technologies, security may become more of an issue as RSS begins to be used for a wider variety of tasks.
"We have an opportunity to look at ways we could build into RSS some of the security features that we wished had been present in e-mail," said Phillip Hallam-Baker, principal scientist with VeriSign Inc.
Phishing, for example, could become a problem as new applications are developed for RSS, he said. "At the moment, I don't see that there is a phishing issue with RSS," he said."However, if banks start using it to distribute statements, it may become an issue."
"The more automation that people have built [into RSS], the more places that you might have somebody work out some dirty trick," Hallam-Baker said. "Are we going to make sure we've locked down as many rat holes as we could have done, or are we going to find that if we'd put better security in there, we'd be happier with the result?" he asked.


Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Jump to comments

Security

Additional Resources

WHITE PAPER
Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.
WHITE PAPER
Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.
WHITE PAPER
Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.

White Papers & Webcasts

Share our Strength
Download Now  

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...