Comment on Microsoft Embracing RSS

Others have already discussed this news into realms of fantasy and paranoia so I'll just point out one aspect I think no one has addressed yet: security.

Blogging and syndicated data technologies in general have yet to be fully tested in the fires of a hostile computing world. As their prime time nears, they will be subject to abuse and exploitation.

For example, the primary mechanism behind podcasting, the RSS enclosure, can be used to deliver worms and worse to desktops. If there are any vulnerabilities in the codec of an iPod (or of any MP3 player hooked up to a podcast sync client), then podcasting is a good way to deliver overflow-inducing content.

While some might consider the social networking aspect of blogging and syndicated data as enhancing security, I see it more as a potential problem because I think trust itself is a primary source of vulnerability.

If you subscribe to 1000 feeds, you are hanging on a chain with 1000 links. Each of those 1000 links (feeds) is a potential target for hackers to attack to gain control over its content. All they need is one vulnerable feed hosting server to change what is delivered to your desktop. If you are using an insecure news client that pools news items from multiple sources, a hacker in control of Ponzi's Schemes feed (hi Ponzi :-)) will be able to send out posts that look as if they came from the American Express feed.
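How a pooling news client can avoid the misattribution described above, as an added example that is not from the original post: every item is labelled with the subscription it was actually fetched from, and identity claims made inside the feed are only flagged. The feed URLs, the "Example Bank" name, the label and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: what a client fetched from one low-trust subscription.
# The channel title and the first item's <source> both claim another publisher.
SUBSCRIBED_URL = "https://feeds.example.org/ponzi/rss.xml"
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
  <title>Example Bank</title>
  <item>
    <title>Account notice</title>
    <link>https://feeds.example.org/ponzi/1</link>
    <source url="https://www.example.com/bank/rss.xml">Example Bank</source>
  </item>
  <item>
    <title>Ordinary post</title>
    <link>https://feeds.example.org/ponzi/2</link>
  </item>
</channel></rss>"""


def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def pool_items(subscribed_url, xml_text, user_label):
    """Attribute every item to the subscription it was fetched from.

    user_label is the name the user gave the subscription (an assumption of
    this sketch); the feed-supplied channel title is never used for display.
    """
    origin = host(subscribed_url)
    channel = ET.fromstring(xml_text).find("channel")
    pooled = []
    for item in channel.findall("item"):
        warnings = []
        src = item.find("source")
        # An item may name another feed in <source>; treat it as a claim only.
        if src is not None and host(src.get("url", "")) != origin:
            warnings.append("claims foreign source: " + (src.text or "").strip())
        pooled.append({"shown_as": user_label, "origin": origin,
                       "title": item.findtext("title", ""),
                       "warnings": warnings})
    return pooled


if __name__ == "__main__":
    for entry in pool_items(SUBSCRIBED_URL, SAMPLE_FEED, "Ponzi's Schemes"):
        print(entry)
```
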

Some of these problems are easy to fix, some are not. But it's difficult to fix them if you haven't thought about these issues, and not many have so far, because we were too busy enjoying the heat of creation and smelling the morning rose petals.

I think engineers at Microsoft, who have had more than their fair share of security-related criticism, will be able to help out in enumerating and addressing the security issues in blogging and syndicated technologies.

That's all.


FYI, this post is being slashdotted today. You can find their comments at Slashdot and AlterSlash. So far I am happy to see this blog withstand being Slashdotted and Farked at the same time. My fingers are still crossed though. Back to my work pile.