Attack on^W^WInconvenience in Vienna

If you use the free RSS news reader Vienna, I suggest my little page here: vienna.php to insert some feeds into your news reader.

To make one thing clear: this page does not create you any trouble other than putting the Vienna news feed three times into Vienna. Nothing is destroyed or crashed. It just demonstrates that auto opening and adding feeds can give you feeds in the reader without asking. Links in Google to RSS feeds are another example where you experience this automatic adding mechanism all the time when clicking on one without noticing. You may also just use this link to the Vienna blog: atom.xml. Auto opening is a well known feature of Safari you can enable in the preferences. So in a sense you are responsible for this behaviour by enabling it.

To cite Steve from the Vienna devs: As a rule, Vienna only prompts before you do something destructive that cannot be easily reverted. Adding a new subscription isn’t destructive as you can delete the subscription afterward.

2 Comments »

• Für ähnlichen Kram, (also solche Direktlinks…) haben Leute auch schon ihre Seite aufgegeben. Google mal drunkenbatman und safari…
  Gruß, Th

  Comment by na super — July 13, 2007 @ 5:00 pm
  

• Naja, da gibt es wohl den kleinen Unterschied, dass meine Testseite völlig harmlos ist. Sie präsentiert ein wohlbekanntes Safari-Feature, und den Effekt auf Vienna. Ich hab es oben nochmal ausführlich erklärt. Für einen Exploit oder DOS-Attacke ist wohl etwas mehr nötig als das Anlegen von Feeds im News Reader, was ja laut Entwickler ganz bewusst so gemacht wird.

  Comment by sts — July 13, 2007 @ 7:58 pm
  

RSS feed for comments on this post. TrackBack Website

Leave a comment

Name (required)

E-mail (required)

Website

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>