It’s just data

Full Disclosure

Charles Miller: Often, full disclosure is explained as a way to make sure vendors are responsive, using “naming and shaming” to force a faster patch schedule. This is certainly one aspect of the practice, but far more important is the fact that it gives those people who might be running the vulnerable software enough information to make informed decisions about their security. [via Stefan Tilkov]

If you are involved with the development of any tool that consumes feeds, I encourage you to read James Snell’s recent post. It is clear now that giving people months to react only advantages the wrong people. So in early September, I plan to create a page on the Atom wiki where users can record how responsive various feed-consuming tools are to the tests that James has created.

One thing for sure, FeedDemon will rank highly.


Malicious Javascript in Feeds and RSS Bandit

Trackback from Dare Obasanjo aka Carnage4Life

Malicious Javascript in Feeds and RSS Bandit

Charles Miller: Often, full disclosure is explained as a way to make sure vendors are responsive, using “naming and shaming” to force a faster patch schedule. This is certainly one aspect of the practice, but far more important is the fact that it...

Excerpt from Tailrank: Top posts for Sunday August 20, 2006

Updated: Malicious Javascript in Feeds and RSS Bandit

Trackback from Dare Obasanjo aka Carnage4Life

Feed Security

Ok, so it’s been about a month I guess since I started talking about scripting exploits in feeds. I put together a whole bunch of Atom test cases based on an initial set of RSS tests produced by James Holderness. Several Feed Reader developers...

Excerpt from snellspace.com

snellspace.com; Feed Security

If you are an enterprise considering deployment of RSS technology, this post might point you to some test suites to assess vendor security: Feed Security Ok, so it’s been about a month I guess since I started talking about scripting......

Excerpt from Collaborative Thinking
