The thing about computer security is, the more you learn, the more you realize the Internet is essentially patched together with duct tape and butcher’s twine:
Security researchers today unveiled details about a little-known but ubiquitous class of vulnerabilities that may reside in a range of Internet components, from Web applications to mobile and cloud computing platforms to documents, images and instant messaging products.
…Researchers at Codenomicon Ltd., a security testing company out of Oulu, Finland, say they found multiple critical flaws in XML “libraries,” chunks of code that are typically used and re-used in software applications to process XML data.
…XML is used in a variety of document formats (docx, openoffice, playlists, configuration files and RSS feeds, to name a few). As a result, there are numerous vectors for attacking XML flaws remotely, such as sending malicious documents or network requests, said Jussi Eronen, an information security adviser for CERT-FI, the Finnish Computer Emergency Response Team.
Um, yay?
