33 Comments
- inactive, on 10/12/2007, -0/+3 It wouldn't be so bad if the worms were gummy. Mmmmmm... gummy worms...
- halter73, on 10/12/2007, -0/+1 Come on, worms will only work if your rss feeds consist of more than just text. The only thing that would really allow for the spreading of worms is if the user used a client that would automatically download files the rss is linked to, aka podcasts. I listen to podcasts, but I don't automatically download them using a program like iPodder. Instead I use either thunderbird or opera's rss client. This way I read the feed and then download the podcast as a link or attachment, this would stop worms from redirecting the rss feeds to malicious websites without the user knowing. And the entire basis of the article is that we will see these worms because of IE 7's new rss client, but they neglect to mention that IE 7 will not download feed links by default. Most rss clients don't even have the option.
I agree Trend Micro is scaring consumers into buying their product because they will be the first security solution to stop the made up huge threat of rss worms. People would have to go way out of their way to get these worms. THIS IS NOT A REAL THREAT!
- cnjmorris, on 10/12/2007, -0/+1 That is why we need to impose death penalty legislation for hackers and phishers and others who offer nothing constructive to society.
- MindTrigger, on 10/12/2007, -0/+1 Most "spyware" is actually adware, so whoever is using these scumbag pop-up spyware programs to push ads into everyone's face, stands to make the money. The main problem is that most people are too stupid to be using a computer. I'm an IT guy and I never cease to be amazed by how people will click "ok" and "yes" on ANYTHING that pops up in front of them. The world was a safer place when computers were too hard for the general public to use.
Halter73, as long as stupid people use computers, just about ANYTHING can be a threat, RSS included. You are calling it a non-threat because you actually take the time to be careful about what is auto-downloaded to your computer. Trust me when I tell you, most people have no clue and assume everything is "ok".
- fugitivALiEN, on 10/12/2007, -0/+1 How does this infect anyone? Does it infect windows, mac, unix? I'm sure it'll affect only microsoft's rss reader, I doubt certain readers will all be affected. Does it affect the actual feeds? Then does it send you to a bad link? I don't see this being a huge issue at all except getting "pwned" or something and then fixing the RSS feed/site again. But properly maintained sites won't likely have a problem with this... whatever =/
- jst33z, on 10/12/2007, -1/+2 When they say "lucrative target", who is making the money? Trend Micro? Anti-virus companies? Or are the hackers who write the worms getting paid somehow? Perhaps by the anti-virus companies who are looking for a new source of revenue.
- MaxRebo, on 10/12/2007, -0/+1 This will be just like other spam and viruses. For those who know better, there may be little to no threat. For the rest, well... they'll blame somebody other than themselves.
I recently spoke with a co-worker who blamed Microsoft for the malware infestation on his home PC. If he had been using AV and firewall software he would not have the problems. I'm sure he went nuts clicking things he shouldn't have been...
- oddball, on 10/12/2007, -0/+1 Why all u goons putting links to your own sites in your comments? Get a clue. U all get modded spam.
- emildew, on 10/12/2007, -0/+0 "When they say "lucrative target", who is making the money? Trend Micro? Anti-virus companies? Or are the hackers who write the worms getting paid somehow? Perhaps by the anti-virus companies who are looking for a new source of revenue."
The point of writing worms is to create zombie PCs which are then sold by the hundreds to spammers or those who work for spammers and used to send out (you might see this coming) spam. For money.
That's who makes money doing it.
- surfing, on 10/12/2007, -0/+0 Sidebar, your honor, when is IE 7 supposed to be released?
- Mantus, on 10/12/2007, -0/+0 MS's page for IE7: http://www.microsoft.com/windows/IE/ie7/default.mspx. No release date yet.
- Otto, on 10/12/2007, -0/+0 Total FUD. RSS is not any more inherently vulnerable than the security holes in the RSS downloading program would be. RSS doesn't magically make code run on your computer, after all.
- spin, on 10/12/2007, -0/+0 In the usual Microsoft fashion, they are taking something that belongs to everyone and making it so it now belongs to Microsoft. Microsoft is doing their own version of RSS, hell, they even wanted to rename RSS to suit their own selfish goals.
- SuperSloth, on 10/12/2007, -0/+0 NEWS FLASH!
Do not browse sites you do not trust.
NEWS FLASH!
Do not use RSS feeds on sites you do not trust.
- Room101, on 10/12/2007, -0/+0 Considering how few people actually use RSS according to most studies, why would someone write a worm for it?
- ziffel, on 10/12/2007, -0/+0 I agree with MindTrigger 1000%. PCs aren't really good for the general public because they are either too stupid or too lazy to learn to use them correctly. They want them to be like televisions where they can turn them on and channel surf. A TV "just works" -- a PC requires using at least some of your mental faculties. I've been computing for 15 years, and I've yet to get my first virus. Not one. Ever.
- eagleswings, on 10/12/2007, -0/+0 Did anyone follow the link in the article? Why does Microsoft need to publish guidelines on RSS feeds? Surely there is a standard that everyone is following, or are we going to end up with RSS feeds that only IE will understand?
Just a thought.
- CoreBurn, on 10/12/2007, -0/+0 "The point of writing worms is to create zombie PCs which are then sold by the hundreds to spammers or those who work for spammers and used to send out (you might see this coming) spam. For money.
That's who makes money doing it."
With the kind of spam I get, I don't see how anyone could make any money off it... some is so garbled it barely qualifies as any written language...
- nickster, on 10/12/2007, -0/+0 I was expecting this to happen sooner or later.
- Mantus, on 10/12/2007, -0/+0 http://www.microsoft.com/windows/IE/ie7/default.mspx
corrected url for IE7, I'm retarded and put a period on the end.
- diggnationdevon, on 10/12/2007, -0/+0 Never would have thought of this.
- emildew, on 10/12/2007, -0/+0 coreburn said:
"With the kind of spam I get, I don't see how anyone could make any money off it... some is so garbled it barely qualifies as any written language..."
Somebody clicks links and buys, otherwise they wouldn't bother.
- Offill, on 10/12/2007, -0/+0 Everyone has to find a way to ruin a good thing. Dugg
- skipgamer, on 10/12/2007, -0/+0 Makes me glad that I've never bothered to touch RSS and that I won't be using IE7... dugg
- JaggedEdge, on 10/12/2007, -0/+0 And now that PSPs support RSS feeds... let the vulnerabilities pour in, Firmware 2.6 is practically cracked then.
- Psykus, on 10/12/2007, -0/+0 "RSS is not any more inherently vulnerable than the security holes in the RSS downloading program would be."
Did you see the article description? "RSS feed hijacking will become commonplace when ***Microsoft*** ships *IE7*"
- tdyer, on 10/12/2007, -0/+0 I love watching linux/mac/firefox dweebs read a very SPECULATIVE article then cry about ms creating security holes.
Just calm down, the sky is not falling.
- jdgtrplyr, on 10/12/2007, -0/+0 Saw this coming from miles away.
- pudquick, on 10/12/2007, -1/+0 FUD FUD FUD FUD FUD.
Great and all, but this would require the ability to launch whatever it downloaded. RSS, as it currently functions, doesn't do this inherently. Building this feature into IE 7 would be asking for problems. No other RSS-enabled browser has auto-download and auto-launch capabilities for feeds.
So how would the virus payload get launched? By a pre-existing virus/piece of code, of course ... which anti-virus companies kill already. So if all the launchers are killed, so what if you download new copies? They'll stay inert unless they get downloaded to some place that auto-launched on your machine. It will be really tough to pervert RSS into this.
FUD FUD FUD FUD FUD. "RSS in Title = Viewers". No digg.
- Coltron, on 10/12/2007, -2/+0 I love my RSS! I agree with cnjmorris in part, we need to up the ante and make it a more serious offence.
Maybe the death penalty is a bit much. But I would be open to gluing their fingers together with some long term bonding agent, say for the better part of a year? I'd like to see a hacker hack or a phisher phish then.
Just try typing with mittens on. You're not gonna hurt any RSS feed, not ever.
http://thebrig.org/
- woohoowoot1, on 10/12/2007, -3/+0 good dig ++
http://www.freexbox360.ca/?r=10318
- inactive, on 10/12/2007, -3/+0 I agree with you guys. Trend Micro earns more money when someone wants to ruin a new technology using worms.
Gabriel
http://www.myfinancesonline.com
- slhilbert, on 10/12/2007, -3/+0 Great! Now I won't even be able to get my quick news.... DANGIT!
-s
http://www.getyourowntots.com

