Craig Burton

Logs, Links, Life and Lexicon

RSS Feeding Attacks

August 18th, 2006

This makes me unhappy. I wonder what is going to be done to plug this little honey pot! I will keep watching.

RSS Feeding Attacks

Hackers are constantly on the lookout for newer methods to perpetrate attacks. Security researchers have to keep one step ahead and ferret out possible avenues that are prone to attacks, and that's just what Robert Auger is doing.

The SPI Dynamics security engineer has identified Rich Site Summary (RSS) and ATOM feed technologies as platforms that can be exploited by hackers to steal keystrokes, cookies and user credentials. By injecting malicious code into the feed, the hacker can succeed in compromising all the site's subscribers in one stroke.

Based on the popularity of a particular feed, thousands to millions of people are left open to denial of service attacks, command executions and SQL injections. Auger says that local RSS readers can also be used to access file systems, scan the local network, and then be used for relay attacks.

Source: Network Security Journal: RSS Feeding Attacks
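
The risk described in the quoted article comes from a reader rendering feed content as trusted markup. The sketch below is an added example, not code from this post, the quoted article, or any particular reader: it shows a reader-side allowlist filter applied to each item before display. The sample feed, tag lists and function names are constructed for illustration.

```python
import html
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample feed: item bodies carry markup the reader must not trust.
SAMPLE_FEED = """<?xml version="1.0"?><rss version="2.0"><channel><title>Example feed</title>
<item><title>Post one</title><description>&lt;p&gt;Hello &lt;b&gt;world&lt;/b&gt;&lt;script&gt;track()&lt;/script&gt;&lt;/p&gt;</description></item>
<item><title>Post &lt;two&gt;</title><description>&lt;a href="javascript:void(0)" onclick="x()"&gt;link&lt;/a&gt;&lt;img src="x" onerror="x()"&gt;&lt;a href="https://example.com/a"&gt;ok&lt;/a&gt;</description></item>
</channel></rss>"""

ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a", "ul", "ol", "li", "br"}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}

def safe_href(value):  # escaped URL if it is absolute http(s), else None
    try:
        ok = urlsplit(value.strip()).scheme.lower() in ("http", "https")
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return None
    return html.escape(value.strip(), quote=True) if ok else None

class FeedSanitizer(HTMLParser):
    """Rebuild entry HTML from an allowlist; attributes other than a safe href are dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1  # discard the element together with its content
        elif tag in ALLOWED_TAGS and not self.skip:
            href = safe_href(dict(attrs).get("href") or "") if tag == "a" else None
            self.out.append('<a href="%s" rel="noopener noreferrer">' % href if href else "<%s>" % tag)
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED_TAGS and tag != "br" and not self.skip:
            self.out.append("</%s>" % tag)
    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data))  # text is always re-escaped

def sanitize(fragment):
    parser = FeedSanitizer()
    parser.feed(fragment or "")
    parser.close()
    return "".join(parser.out)

def render_items(feed_xml):
    return [(html.escape(i.findtext("title", "")), sanitize(i.findtext("description", "")))
            for i in ET.fromstring(feed_xml).iter("item")]
```

Because the output is rebuilt from the allowlist rather than filtered from the input, an unknown tag or attribute is dropped by default, and an unclosed `script` element discards the rest of the item.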

Tags: Feature