Marlabs Blog


XML Encryption Standard Broken No Immediate Solution Available
Thursday, October 27, 2011

Extensible Markup Language, or XML, is the industry standard for storing and transporting data. A fundamental web services component, it allows content to be processed and exchanged across different applications, hardware, and operating systems with minimal human intervention. XML Encryption was standardized by the World Wide Web Consortium (W3C) in 2002, and is used by major companies such as Microsoft and IBM in their XML frameworks.

 
Two researchers from the Ruhr University Bochum recently demonstrated that the XML Encryption standard is not totally secure after all. They demonstrated a practical attack against XML Encryption's cipher block chaining (CBC) mode. The attack was tested against a popular open source implementation of XML Encryption, as well as against the implementations of companies that responded to the responsible disclosure. The result: the attack works, and XML Encryption is not secure.

 

Read more – http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.en

 
So how do we fix this issue? Unfortunately, there seems to be no simple patch for this problem. The researchers propose changing the standard as soon as possible. They have informed all possibly affected companies and have also had intensive discussions on workarounds with a few of them.

 
Given the magnitude of the above news and the number of companies involved, there may be a fix soon. Nevertheless, this has done “lasting damage” to distributed computing. It’s going to be “Hello IBM! Bye bye Silicon Valley”. This may sound alarmist, but when the security infrastructure, and that too a “security standard” which was supposedly verified/checked, is broken, then it’s going to do damage. My sense of security with XML/HTTP technologies has certainly diminished after this event.

Posted by Srinivasan Balram