Search Data and Feed Security
Two things that are worth looking at and thinking about.
First is the news that AOL deliberately released a data set of its users’ searches. The data was partially anonymized, but since some searches can be identifying in themselves, this might turn into a privacy fiasco for them. There also seem to be reports that it contains sensitive data such as Social Security numbers. If you do search analysis or other data mining, think long and hard about how to anonymize and protect data.
The second is about using feeds as vulnerability vectors. I believe this was presented at Black Hat, but a PDF with information is available. This is nothing groundbreaking, as most aggregators use browser engines to display the information, similar to some email clients. Aggregator clients that run locally on a machine may also be considered to be in a less restricted zone. Something to think about if you’re building aggregators or parsing feeds. As always, you can’t trust everything that’s given to you. And as always, be careful about what you subscribe to, as you would with email.
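One way to treat feed content as untrusted before it reaches an aggregator's browser engine is shown below. This is an added example, not code from the original post or the PDF it mentions. The tag allowlist, the names `safe_href`, `FeedHTMLSanitizer` and `sanitize_feed`, and the sample feed are assumptions constructed for illustration.

```python
import html
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

# Allowlist policy: an assumption for this example, not taken from the post.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "a", "blockquote"}
DROP_WITH_CONTENT = {"script", "style"}  # the element and its text are discarded

def safe_href(value):  # keep a link target only if it is an absolute http(s) URL
    url = (value or "").strip()
    return url if url.lower().startswith(("http://", "https://")) else None

class FeedHTMLSanitizer(HTMLParser):
    """Rebuild item HTML from the allowlist; every attribute but a vetted href is dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:
            href = safe_href(dict(attrs).get("href")) if tag == "a" else None
            extra = ' href="%s" rel="noopener noreferrer"' % html.escape(href) if href else ""
            self.out.append("<%s%s>" % (tag, extra))
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)
    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data))  # text is re-escaped, never passed through

def sanitize_feed(xml_text):  # returns [(escaped_title, sanitized_html)] per RSS <item>
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("feeds carrying a DTD are rejected")  # no entity expansion
    items = []
    for item in ET.fromstring(xml_text).iter("item"):
        parser = FeedHTMLSanitizer()
        parser.feed(item.findtext("description") or "")
        parser.close()
        items.append((html.escape(item.findtext("title") or ""), "".join(parser.out)))
    return items

# Constructed sample feed: markup in <description> arrives XML-escaped, as in real RSS.
SAMPLE_FEED = ('<rss version="2.0"><channel><item><title>Hi &lt;b&gt;all&lt;/b&gt;</title>'
    '<description>&lt;p onclick="x()"&gt;Hi &lt;a href="javascript:void(0)"&gt;there&lt;/a&gt;'
    '&lt;script&gt;track()&lt;/script&gt; &lt;a href="https://example.com/"&gt;ok&lt;/a&gt;&lt;/p&gt;'
    '</description></item></channel></rss>')
```

Titles are treated as plain text and escaped, while descriptions are rebuilt tag by tag, so anything outside the allowlist never reaches the rendering engine.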