Microsoft has just announced on Friday, June 24, 2005, that Longhorn will incorporate RSS (Really Simple Syndication) as a core technology. This will open new attack sources for spammers, phishers and malicious hackers, security experts say. Well, of course, I think this will only happen if there is any lack of prepor RSS integration, because the integration of RSS will be available to applications through Windows APIs,

Quoted:
“It is inevitable, without a doubt. When Longhorn comes out, attackers will pounce on every new thing to see if Microsoft did it correctly. You can bet RSS integration will be one of those things attackers will want to exploit,” said John Pescatore, senior vice president of research at Gartner Inc.

Microsoft will make RSS more understandable to the average, non-technical end user in Longhorn, but experts believe once the technology reaches critical mass as widespread as e-mail or instant messaging, it will surely become a lucrative target for malicious hackers.

Quoted:
“The RSS threat is a legitimate one, and Microsoft will have to be very careful about how it’s baked into the OS. The potential for danger is very, very real,” Pescatore said.

As Wordpress users, I’m sure most of you guys have experienced the threat spammers have caused. So, there is no doubt spam threat will happen in the beginning because spammers will find a way around the authentication weakness. Another weakness, experts pointed out is the phishers will pounce and try to lure users to visit fake sites to steal confidential information. This type of threat is especially apparent on RSS search engines that pull results from multiple Web sites and present those as an RSS feed.

Besides, Microsoft is embracing the use of enclosures to deliver attachments in RSS feeds too. So, there is also a risk that the hackers will find a way to use it to distribute malware to the desktop.

Well, I just hope Microsoft takes the RSS integrations seriously, and hope there are less holes (Come on, no hole is impossible, ok !) too. Spamming and phishing should be eliminated or atleast kept to minimal level.