RSS in Microsoft Longhorn: Is there a Gotcha?

By at 30 June, 2005, 11:34 am

There’s been a lot of buzz this week after Microsoft announced that RSS would be a part of the next release of Windows know as Longhorn.

Many have written about potential benefits to the end user and syndication as a whole including Jeff Beard’s posts on his LAWTECH GURU BLOG about this news from Microsoft and what he thinks it means for RSS. He has some valid points about centralization of services into the OS and possibilities for making RSS even more useful. You can check out Jeff’s thoughts here Article or here Article. But are there any downsides to this move by MS?

Ryan Naraine writing for eWEEK.com in a recent article thinks that there is a downside. He’s found that security experts aren’t as enthusiastic about this move as some end users and syndicators. In his Article RSS in Longhorn: The Security Question, Naraine lays out the arguments that this is a bad move and opens the OS to potential attacks.

The problems range from RSS Spam, potential phisihing attacks to distribution of malware. As always, authentication will play a key role in the vulnerability of the OS to attacks. MS has adopted what it calls the SDL (Security Development Lifecycle) which focuses on security first in the development of new MS software.

Richard Stiennon, Webroot Software’s director of threat research was quoted in the article, stating: “It’s not yet a big target, but once RSS usage becomes as widespread as e-mail or instant messaging, the hackers will find a way to use it to distribute malware.”

Personally, I think trying to make the OS be all things to all people is not a good idea. While this move by MS has the potential for bringing RSS into the “mainstream”, the potential security threats it brings with it’s use of enclosures for attachments, is going to be like the current problem with attachments in email all over again.

As lawyers, we keep more and more of our confidential information on our computers; therefore, securing and safeguarding that information most be of paramount importance to each of us. Any hole in our security opens us up to potential disclosures of confidential information and of course the attendant malpractice and disciplinary complaints that would follow.

Hopefully, MS will get it right out of the gate and all of the fears over incorporating RSS into Longhorn will end up being unfounded.

Categories : Blogging | Software


No comments yet.

Leave a comment