Security Review of Online Feed Aggregators with Password Protected Feed

By Angsuman Chakraborty, Gaea News Network
Wednesday, October 8, 2008

In my previous article I discussed how to use online feed aggregators to view a password-protected feed with a username and password. The next thing that should come to mind is how well they actually fare in keeping your account secure. To find out, I studied and tested a number of online feed aggregators against the known protocols: HTTP Basic, HTTP Digest, Integrated Windows and HTTPS/SSL protection. Let us look at these protocols first; it will then be easier to understand which one suits you best.

HTTP Basic:

The most common HTTP authentication scheme. Before transmission, the username and password are encoded as a sequence of Base64 characters. This is an encoding, not encryption.

  • Suitable for small home networks.
  • Very fast and easy.
  • Very insecure. Never recommended for sharing over the internet. The credentials can be recovered by anyone who intercepts the traffic.
  • HTTP Basic on its own is not used by any of the popular feed readers these days.

HTTP Digest:

Digest is the next step after HTTP Basic. It is intended to supersede unencrypted use of Basic access authentication, allowing user identity to be established securely without having to send a password in plain text over the network.

  • Uses the MD5 algorithm, so it's more secure.
  • It is used by some feed readers along with HTTP Basic, for example NewsGator.
  • Still not fully recommended. It is vulnerable in a lot of ways.
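To make the difference between the two schemes concrete, here is an added Python example (not from the original article) that builds and decodes a Basic header and computes a Digest response as defined in RFC 2617. The function names are illustrative, and the sample credentials are the worked examples printed in RFC 2617.

```python
import base64
import hashlib


def basic_header(username, password):
    """Authorization value for HTTP Basic: base64("user:password")."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic_header(value):
    """Recover (username, password) from a Basic header. No key is involved."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, sep, password = base64.b64decode(token).decode("utf-8").partition(":")
    if not sep:
        raise ValueError("malformed Basic credential")
    return user, password


def _md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce,
                    nc=None, cnonce=None, qop=None):
    """RFC 2617 Digest response; the password itself never goes on the wire."""
    ha1 = _md5_hex(f"{username}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    if qop:  # qop="auth" binds the client nonce and request counter as well
        return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return _md5_hex(f"{ha1}:{nonce}:{ha2}")


if __name__ == "__main__":
    # Sample values are the worked examples printed in RFC 2617.
    header = basic_header("Aladdin", "open sesame")
    print(header)
    print(decode_basic_header(header))
    print(digest_response("Mufasa", "testrealm@host.com", "Circle Of Life",
                          "GET", "/dir/index.html",
                          "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                          nc="00000001", cnonce="0a4f113b", qop="auth"))
```

Because the Basic value decodes without any secret, it is only safe inside an HTTPS connection; the Digest response changes with every server nonce, but it still rests on MD5 and on the strength of the password.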

Integrated Windows:

Integrated Windows Authentication (IWA) is a term associated with Microsoft products that refers to the SPNEGO, Kerberos, and NTLMSSP authentication protocols. If you are wondering what the heck they are, I will join you guys too. This is not a standard service at all. So let’s not discuss this further.

HTTPS:

Hypertext Transfer Protocol over Secure Socket Layer or HTTPS is a URI scheme used to indicate a very secure HTTP connection.

  • It uses the encrypted Secure Sockets Layer (SSL) protocol, and it authenticates the server too.
  • HTTPS is the protocol that most of the online feed aggregators are using.

Now that we know about the different security features that protect our online feed account credentials, let me make a comparative chart of who uses what, so that you have it all in one place.

A comparative Chart of The Popular Online Feed Aggregators:

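| Aggregator     | HTTP Authentication | HTTPS/SSL |
|----------------|---------------------|-----------|
| BottomFeeder   | Yes                 | Yes       |
| FeedDemon      | Yes                 | Yes       |
| FeedReader 2.4 | Yes                 | No        |
| NewsGator      | Yes                 | Yes       |
| NewzCrawler    | Yes                 | No        |
| SharpReader    | No                  | Yes       |
| ActiveRefresh  | Yes                 | No        |
| Syndigator     | No                  | Yes       |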

So with this study I will wrap things up in this segment. Choose whichever you like, but it's always better to be on the safer side with the most secure of them all.

Feed your Needs. Take care.

Discussion
November 27, 2008: 7:09 am

[...] information with them. Well, I am not going to leave you without any information on that. See HERE. Aren’t you [...]

October 9, 2008: 6:11 am

Hi,

You can also manage protected RSS feeds with Yahoo Pipes, re-generating a private feed whose URL won’t display the username and password in plain.

More details here: https://dblume.livejournal.com/112262.html
