OASIS Emergency Management TC

FW: XML encryption standard insecure

  • 1.  FW: XML encryption standard insecure

    Posted 10-25-2011 12:38
      Thanks ,     Tim Tim Grapes SE Solutions, Inc. (703) 304-4829   From: Andress, Willie K. [mailto:wandr1@lsuhsc.edu] Sent: Monday, October 24, 2011 4:05 PM To: Grapes, Timothy Subject: XML encryption standard   FYI – from today’s  DHS Daily Infrastructure Open Source Report – http://www.dhs.gov/xlibrary/assets/DHS_Daily_Report_2011-10-24.pdf   October 20, H Security – (International) Researchers: XML encryption standard is insecure. Researchers at the Ruhr University of Bochum in Germany said they have succeeded in cracking parts of the XML encryption used in Web services, thus making it possible to decrypt encrypted data, H Security reported October 20. The official W3C XML encryption specification is designed to be used to protect data transmitted between online servers such as those used by e-commerce and financial institutions. According to researchers, IBM, Microsoft, and Red Hat Linux use the standard solution in Web service applications for many large customers. They said that, based on their findings, the standard should now be considered insecure. They plan to publish details about the problem at the upcoming ACM Conference on Computer and Communications Security in Chicago. Source: http://www.h-online.com/security/news/item/Researchers-XML-encryption-standard-is-insecure-1364074.html   Will this become an issue?   Knox No virus found in this message. Checked by AVG - www.avg.com Version: 2012.0.1831 / Virus Database: 2092/4571 - Release Date: 10/24/11