Feed Security and You

The Blogsphere (and the outside world) has been abuzz today with the presentation by SPI Dynamicsat the Black Hat security event about a publisher’s ability to insert malicious javascript code into RSS or Atom feeds. Bloglines was inaccurately listed as still vulnerable to this attack in most of the pressreports.

On July 18th 2006, Bloglines was privately notified by SPI Dynamics of a security vulnerability involving the injection of javascript in feeds. Realizing the severity of the exploit, on the same day we pushed a fix out to close this loophole. We’d like to thank SPI Dynamics for both finding this issue and notifying us of the exploit in a reasonable manner allowing us to keep our users secure.

– The Bloglines Team


0 Responses to “Feed Security and You”

  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


%d bloggers like this: