I've been toying around with writing my own RSS enabled grep, so I did just that by wrapping the universal feed parser. This is really really alpha. So use at your own risk. Also it's missing a few features like repackaging of feeds so that it can be used with other rss tools like rss reader or reading in input from stdin so that you can pipe one rss-grep through another. It's also missing many of the usual grep options.
Anyway enjoy rssgrep.py
I've updated rssgrep. Notable changes include:
Also this code just works in more places.
This morning while channel surfing the radio during the morning commute I heard the strangest list of words all put together half of them sounded like pseudo gibberish many almost sexual in nature. I stopped channel surfing to figure out what the hell I was listening to. Then I heard a woman's voice who was obviously calling into the radio station say, "The question is what is your password?" The host erupted with a congratulations told her he was right and said, "Well that's right the question was, what is your password?". The woman than proceeded to tell everyone listening what her password was. At first I started chuckling. Then while stuck in traffic I started to think it's just sad that the implicit value of passwords is not obvious. I mean you wouldn't give someone the keys to your house to potentially win a contest. It's really all quite sad.
Recently web hacking and more specifically Cross-Site Scripting(XSS) vulnerabilities have risen to the fore front of the security communities collective consciousness. Why is this? Wasn't it just a few years back that the general consensus was that XSS bugs were dumb and useless? So my question is simply what changed?
The first and most obvious answer is that more people are using more web services. The rise of web 2.0 has been met with more people signing up for community based sites such as youtube and myspace. People have moved their mail and personal calendars to these web based services. To compound the issue further many of these services are all tied together with some form of single sign-on. Thus stealing cookies via XSS now has a greater value than it ever has before.
Every class of vulnerability has to go through this phase of valuation before it gets exploited en masse and it becomes the hot topic. For example buffer overflows aren't as interesting when your working on a single user machine that you already have access to. But when coupled with the connectivity of the internet and the amount of information that's protected from you it becomes interesting.
Additionally, the rise of XSS is being fostered by the improvements in system security made in the past few years. Stack protection, heap protections, reduction of the number of services being run by default. Also vista's addition of things like Address Space Layout Randomization, have made exploitation of bugs at the systems level significantly more difficult. When something becomes more difficult people start looking for easier attack vector. Since XSS and web hacking takes place in userland there's less accounting information that you have to play with such as memory addresses. A failed exploitation attempt doesn't kill the box, process etc.
Finally I'm stealing a page from pdp and putting in a copy of the machine is us/ing us
