2005.12.06

Need some background? See I’m gonna hijack eWeek and More on podkeyword.com first… eWeek has an update: Podcast ‘Hijacker’ Says Business as Usual.

Is there a fix? Well, Atom has a link rel=”self” thingy so a feed at the URI http://my.org/feed/url/ would have this inside the feed: <link rel=”self” href=”http://my.org/feed/url/”></link> How does this help? Well, in theory, if the iTMS (or whoever) was getting the vegan.com feed from podkeyword.com, they could compare the URI to what is listed in the actual feed. Yes, you could still capture, modify, and reserve the feed, but that’s malicious, and were not talking about that (yet.) Since Apple has it’s own namespace’d stuff, it could easily add something like Atom’s rel=”self” thing, right?

This all comes back to the whole issue of claiming a feed doesn’t it? I’m still thinking I could come up with a devious method to defeat any of the existing “claim this feed” mechanisms out there today to actually hijack a feed. (Heck, I’d even use 200 OK’s instead of 302 Found’s like podkeyword does.) Lucky for you I would only do this to point out the flaws in the existing systems. We all know that when it comes to money making schemes I’m not as smart as those other early adopters of podcasting…

Comments are closed.

« | »


buy the button:

Buy The Button