RSS Spoofing?


Dana triggered a thought...how can you be sure you are subscribing to the RSS feed you think you are subscribing to?

I'm not so worried about the scenario he provides where you go to Technorati and generate an RSS feed based on keywords (Watchlist)...'noise' is the worst that can happen. 

I'm thinking about the scenario where bandits try to distribute phishing URLs or other crap via an RSS feed that purports to be from someone else (a bank for example)...So - Bandit sets up RSS directory with 99 bona-fide, useful RSS feeds, plus one dodgy feed.  Unsuspecting user subscribes to dodgy feed.  Feed gives initially good, bona-fide content for a month, then inserts article asking you to log in and check details: 'Click here'. Voila! - RSS spoofing.

I realise this is a bit alarmist, and I haven't seen or heard of any examples of this.  Just a thought.
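The post asks how a subscriber can tell that a feed is what it claims to be. The script below is an added example (not code from the original post or from any aggregator) of the checks a reader or a feed filter could run from the defender's side: does the host the feed was fetched from match the host the channel claims, do item links and embedded hrefs stay on the channel's own site, and does any link downgrade from https to plain http. The feed, its hostnames (`.test` domains) and the subscription URL are constructed for the example; the "same site" test is a deliberately simple suffix match without a public-suffix list.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: a feed fetched from a third-party "directory" host whose
# channel claims to be a bank. Item 1 is benign, item 2 is the late-arriving
# "check your details" entry from the post (off-site link over plain http),
# item 3 stays on-site but drops to http.
SAMPLE_FEED_URL = "http://feeds.rss-directory.test/banks/example-bank.xml"
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0">
  <channel>
    <title>Example Bank News</title>
    <link>https://www.example-bank.test/news</link>
    <item>
      <title>Branch opening hours</title>
      <link>https://www.example-bank.test/news/hours</link>
      <description>Our branches are open 9 to 5.</description>
    </item>
    <item>
      <title>Please verify your details</title>
      <link>http://example-bank.verify-login.test/check</link>
      <description>Click &lt;a href="http://example-bank.verify-login.test/check"&gt;here&lt;/a&gt; to log in.</description>
    </item>
    <item>
      <title>Spring promotion</title>
      <link>http://www.example-bank.test/news/promo</link>
      <description>Details inside.</description>
    </item>
  </channel>
</rss>
"""

# Pulls href targets out of HTML that the feed embeds inside <description>.
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def site_of(host):
    """Normalise a hostname: lowercase and drop a leading 'www.'."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def same_site(host, base):
    """True if host is base itself or a subdomain of base.

    Heuristic only: no public-suffix list, so 'co.uk'-style bases are not
    handled. Good enough to catch lookalike hosts such as
    'example-bank.verify-login.test' pretending to be 'example-bank.test'.
    """
    host, base = site_of(host), site_of(base)
    return bool(base) and (host == base or host.endswith("." + base))


def audit_feed(xml_text, feed_url):
    """Return a list of (item_title, reason) findings for one RSS 2.0 feed.

    Checks, from the subscriber's point of view:
      * host the feed was fetched from vs the host the channel <link> claims;
      * every item <link> and every href in <description> vs the channel host;
      * any link that downgrades to plain http when the channel is https.
    """
    channel = ET.fromstring(xml_text).find("channel")
    claimed = urlparse(channel.findtext("link", default=""))
    fetched = urlparse(feed_url)
    findings = []

    # The spoofing case from the post: served from a directory, claims a bank.
    if not same_site(fetched.hostname, claimed.hostname):
        findings.append(("<channel>",
                         f"feed fetched from {fetched.hostname} "
                         f"but channel claims {claimed.hostname}"))

    for item in channel.findall("item"):
        title = item.findtext("title", default="(untitled)")
        urls = [item.findtext("link", default="")]
        # findtext returns the description with XML entities already decoded,
        # so the embedded <a href=...> is visible to the regex.
        urls += HREF_RE.findall(item.findtext("description", default=""))
        for url in urls:
            if not url:
                continue
            parsed = urlparse(url)
            if not same_site(parsed.hostname, claimed.hostname):
                findings.append((title, f"link to foreign host {parsed.hostname}"))
            elif claimed.scheme == "https" and parsed.scheme != "https":
                findings.append((title, f"scheme downgrade to {parsed.scheme}"))
    return findings


if __name__ == "__main__":
    for title, reason in audit_feed(SAMPLE_FEED, SAMPLE_FEED_URL):
        print(f"[{title}] {reason}")
```

Run against the constructed feed, the audit reports the channel/fetch-host mismatch, two findings for the "verify your details" item (its link and the href in its body both point at a lookalike host) and the http downgrade on the promotion item; the same feed fetched from the bank's own host loses only the first finding, which is the difference between a feed that is merely sloppy and one that is served from somewhere it should not be.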

Comments (9)
  1. Damon says:

    …interesting idea. Combine this with a site that is cross-site-scriptable where you would effectively be able to insert your own rss feed and… ooooh, that’s not a happy thought.

  2. Alex Barnett says:

    It's impossible to spoof blogs too

  3. . says:

    I run Thunderbird for my RSS feeds, and Firefox has SMART bookmarks via RSS feeds, why run YET ANOTHER RSS client when my mail client is always up and running and can do it all in one, same for usenet feeds, its there too.

  4. Hmm…. alarmist perhaps, however there is nothing wrong with being careful.

    Interesting, if not worrying concept.

  5. Anonymous says:

    Imagine you find some reliable, popular site that is cross-site scriptable. Send out a few million phishing emails that add an RSS feed to the page via scripting and “target” adds said RSS feed to their reader. Continue with the thought Alex had about tracking valid info for a while, and then pouncing.

    Now of course there are some diminishing returns here – most RSS readers are fairly tech savvy and not likely to fall prey to a phishing scam, but RSS is gaining popularity…

  6. Ray D says:

    In any case, this sounds like a good security test case (or collection of test cases) for RSS Readers, browsers (somebody should be coding this for an IE7 test case about now), and even operating systems. 🙂

  7. Nick Bradbury:

    "…I’d like to start a conversation about the threat that spam and spyware pose to our…

  8. fil says:

    Hi. Just want to ask if there are any reported instances about RSS hacking or spoofing. We’re doing a thesis about RSS filtering. So far, the study is only up to URL filtering in which the filter only scans the URL in the aggregators for possible spoofs. We’re trying to accomplish a method where the filter will scan the url for possible malicious attachment files via disassembling it using a hex editor.

  9. MSDNArchive says:

    Fil, I’m not aware of it occurring so far, just in theory.
