"The manner in which the purported hijacking occurred exemplifies the fact that RSS feeds are far more vulnerable to squatters than Web site domains. The method doesn't require stolen passwords or other overtly illegal methods.
Rather, it merely involves finding a target Podcast and creating a unique URL for it on a Web site that the hijacker can control. The hijacker then points his URL to the RSS feed of the target Podcast.
Next, the hijacker does whatever it takes to ensure that, as new Podcast engines come to market, the page each engine creates for the target Podcast points to the hijacker's URL instead of to the Podcast creator's official URL."
Tags: infosec
No comments:
Post a Comment