TELECOM Digest OnLine - Sorted: Microsoft Ready to Discuss RSS Security


Microsoft Ready to Discuss RSS Security


Lisa Minter (lisa_minter2001@yahoo.com)
Tue, 5 Jul 2005 11:35:31 -0500

Robert McMillan, IDG News Service

Microsoft will be taking a closer look at the security of a new Web
publishing technology it plans to integrate into the next major
version of Windows, code-named Longhorn. Microsoft plans to offer ways
for developers to use the RSS (Really Simple Syndication) standard to
create Windows applications, but the company first wants to talk about
the security implications of such a move.

Developers should expect to discuss RSS security at Microsoft's
upcoming Professional Developers Conference, to be held in Los Angeles
this September, says Robert Scoble, a Microsoft technical evangelist
writing in a recent Web log posting. "This is something we all need to
do a lot of thinking and work on," he says.

RSS is now used primarily as a way of letting Web surfers know when
new articles have been posted to Web sites, but they must use special
software in order to view and subscribe to RSS feeds. With Longhorn,
expected in the second half of 2006, that capability will be built
into the operating system. Microsoft will also provide new developer
tools so that developers can more easily build Windows applications
that use the protocol.

Cause for Concern?

Microsoft declined to say what, if any security concerns it has about
RSS, but observers say that once it is included in Windows, RSS will
be a much more appealing target to attackers. Jupiter Research
estimates that the protocol is used by about six percent of
U.S. consumers, but once it is embedded in Windows that number will
jump substantially.

As Web browsers and e-mail clients moved into the mainstream, so too
did worms and viruses, says Rich Miller, an analyst with
Netcraft. Some are concerned that the same pattern may emerge with RSS
readers, he says. "Once that becomes a technology that's on
everybody's desktop and can be accessed using the Windows operating
system, that changes the dynamic quite substantially."

Though there haven't yet been any major security risks associated with
RSS, which is generally considered more secure than many other Web
technologies, security may become more of an issue as RSS begins to be
used for a wider variety of tasks.

"We have an opportunity to look at ways we could build into RSS some
of the security features that we wished had been present in e-mail,"
says Phillip Hallam-Baker, principal scientist with VeriSign.

Phishing, for example, could become a problem as new applications are
developed for RSS, he says. "At the moment, I don't see that there is
a phishing issue with RSS," he says. "However, if banks start using it
to distribute statements, it may become an issue."

"The more automation that people have built in [to RSS] the more
places that you might have somebody work out some dirty trick,"
Hallam-Baker says. "Are we going to make sure we've locked down as
many rat holes as we could have done, or are we going to find that if
we'd put better security in there, we'd be happier with the result?"
he asks.

Copyright 2005 PC World Communications, Inc.

NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily.

*** FAIR USE NOTICE. This message contains copyrighted material the
use of which has not been specifically authorized by the copyright
owner. This Internet discussion group is making it available without
profit to group members who have expressed a prior interest in
receiving the included information in their efforts to advance the
understanding of literary, educational, political, and economic
issues, for non-profit research and educational purposes only. I
believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S. Copyright Law. If you wish
to use this copyrighted material for purposes of your own that go
beyond 'fair use,' you must obtain permission from the copyright
owner, in this instance, PC World Communications, Inc.

For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Lisa Minter: "IBM Lawsuit Against Microsoft"
Go to Previous message: Lisa Minter: "Pirated Live 8 DVDs on eBay, Industry Protests"
TELECOM Digest: Home Page