OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

emergency message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: FW: XML encryption standard insecure



Tim Grapes

SE Solutions, Inc.

(703) 304-4829


From: Andress, Willie K. [mailto:wandr1@lsuhsc.edu]
Sent: Monday, October 24, 2011 4:05 PM
To: Grapes, Timothy
Subject: XML encryption standard


FYI – from today’s  DHS Daily Infrastructure Open Source Report – http://www.dhs.gov/xlibrary/assets/DHS_Daily_Report_2011-10-24.pdf


October 20, H Security – (International) Researchers: XML encryption standard is insecure. Researchers at the Ruhr University of Bochum in Germany said they have succeeded in cracking parts of the XML encryption used in Web services, thus making it possible to decrypt encrypted data, H Security reported October 20. The official W3C XML encryption specification is designed to be used to protect data transmitted between online servers such as those used by e-commerce and financial institutions. According to researchers, IBM, Microsoft, and Red Hat Linux use the standard solution in Web service applications for many large customers. They said that, based on their findings, the standard should now be considered insecure. They plan to publish details about the problem at the upcoming ACM Conference on Computer and Communications Security in Chicago. Source: http://www.h-online.com/security/news/item/Researchers-XML-encryption-standard-is-insecure-1364074.html


Will this become an issue?



No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.1831 / Virus Database: 2092/4571 - Release Date: 10/24/11

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]