LAS VEGAS -- A researcher at Black Hat USA 2006 had a warning for those who subscribe to a growing selection of RSS and Atom feeds: If a Web site is susceptible to a zero-day attack, then its feeds -- and its feed recipients -- may be as well.

Robert Auger, a security engineer for Atlanta-based SPI Dynamics Inc., explained that if a Web site offering RSS and Atom feeds becomes infected with malicious code, not only can its feeds spread the attack, but also attackers can create their own malicious feeds that seem legitimate.

Therefore, he said, subscribers must assume all feed data is malicious -- even data from trusted feeds to which an end-user may already subscribe -- and take the necessary security precautions.