Thanks , Tim Tim Grapes SE Solutions, Inc. (703) 304-4829 From: Andress, Willie K. [mailto:
wandr1@lsuhsc.edu] Sent: Monday, October 24, 2011 4:05 PM To: Grapes, Timothy Subject: XML encryption standard FYI – from today’s DHS Daily Infrastructure Open Source Report –
http://www.dhs.gov/xlibrary/assets/DHS_Daily_Report_2011-10-24.pdf October 20, H Security – (International) Researchers: XML encryption standard is insecure. Researchers at the Ruhr University of Bochum in Germany said they have succeeded in cracking parts of the XML encryption used in Web services, thus making it possible to decrypt encrypted data, H Security reported October 20. The official W3C XML encryption specification is designed to be used to protect data transmitted between online servers such as those used by e-commerce and financial institutions. According to researchers, IBM, Microsoft, and Red Hat Linux use the standard solution in Web service applications for many large customers. They said that, based on their findings, the standard should now be considered insecure. They plan to publish details about the problem at the upcoming ACM Conference on Computer and Communications Security in Chicago. Source:
http://www.h-online.com/security/news/item/Researchers-XML-encryption-standard-is-insecure-1364074.html Will this become an issue? Knox No virus found in this message. Checked by AVG -
www.avg.com Version: 2012.0.1831 / Virus Database: 2092/4571 - Release Date: 10/24/11