According to a comment to this blog entry on Mat Mullenweg’s blog (he’s the guy who is the founding developer of WordPress), it looks like spammers or other evil types could use RSS feeds to deliver “nasty payloads” to your computer. Even a blog written by someone you know and trust could be hijacked to deliver bad stuff to your computer via RSS. While this hasn’t been documented yet (that I know of), it looks like it’s only a matter of time.
The main entry is also worth reading:– spammers are finding out ways to hack into blogs to insert invisible content. This serves as yet another reminder to keep our blogging software current — and to have clean back-up files of key data and files, just in case we do get infected.
I am not a violent person but I swear, sometimes I really do *feel* as though spammers should be locked up for life. Or shot.
What kind of people do this kind of thing? It’s such a colossal waste of everyone’s time, energy and money.
Don’t forget to use complex passwords. Your software can be totally up to date, but a weak password could still allow it to be hijacked.
I have seen blogs get hijacked and spam sent through the RSS. When I wrote the code for UUpdates I had the foresight to not trust any content, and malicious payload would get stripped. Of course if you followed the RSS link I can’t make any guarantees.
UUpdater — Yes indeed, we have to be constantly vigilant and practice safe computing. And thanks for the reminder about the passwords. Ever since reading Clifford Stoll’s “The Cuckoo’s Egg” my passwords have been strings of letters and numbers. They can be a pain to remember, but better that than being maliciously hacked.