XML Insecurities

The thing about computer security is, the more you learn, the more you realize the Internet is essentially patched together with duct tape and butcher’s twine:

Security researchers today unveiled details about a little-known but ubiquitous class of vulnerabilities that may reside in a range of Internet components, from Web applications to mobile and cloud computing platforms to documents, images and instant messaging products.

…Researchers at Codenomicon Ltd., a security testing company out of Oulu, Finland, say they found multiple critical flaws in XML “libraries,” chunks of code that are typically used and re-used in software applications to process XML data.

…XML is used in a variety of document formats (docx, openoffice, playlists, configuration files and RSS feeds, to name a few). As a result, there are numerous vectors for attacking XML flaws remotely, such as sending malicious documents or network requests, said Jussi Eronen, an information security adviser for CERT-FI, the Finnish Computer Emergency Response Team.

Um, yay?


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: