Microsoft Team RSS Blog discusses more RSS Risks
The microsoft guys started a blog entry regarding my talk at blackhat/whitepaper.
"We designed and implemented the RSS features using the principles of the Secure Development Lifecycle as embraced by Microsoft. One of the principles is defense in depth. The idea being, even if script somehow were to sneak by the first layer of defense, the impact that the script could have is restricted, if not entirely negated."
For those of you reading this I tested IE Beta 1 which at the time did execute script. I contacted Microsoft who informed me the day before Beta 2 came out. Beta 2 addressed the issue before I even spoke to a Microsoft person about this due to their process. Props to Microsoft for taking a proactive approach.
UPDATE: An article by TechWeb states I am a SPI Dynamics Co founder. This is completely incorrect. Caleb sima who was originally going to co present with me is a SPI Dynamics founder not me.
Article Link: http://blogs.msdn.com/rssteam/archive/2006/08/07/691248.aspx
Comments
You can follow this conversation by subscribing to the comment feed for this post.
All Comments are Moderated and will be delayed!
Post a comment