[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Traffic Analysis and Namespace Dereferencing

  • From: David Megginson <david@m...>
  • To: xml-dev@l...
  • Date: Tue, 02 Jan 2001 11:08:36 -0500 (EST)
ns p2p
Play the video
John Wilson writes:

 > Performing an HTTP GET on an arbitrary URL is not an innocuous
 > action.

Very well put -- there are many dangers, including (as John points
out) denial-of-service (intentional or unintentional) and maliciously
altered schema information.

Even without technical or security problems, however, automatic
dereferencing will make it possible discover trade secrets, personal
information, etc. simply through traffic analysis.

Let's say that I have defined a popular Namespace for encoding
peer-to-peer records:

  http://www.megginson.com/ns/p2p

Now, imagine that IBM plans a big announcement next Thursday, but is
keeping it heavily under wraps.  I bring up my server log and find
10,000 hits for http://www.megginson.com/ns/p2p from a research domain
at ibm.com.  Hmm.

Maybe I know that there's a medium-sized, publicly-traded company
using my P2P Namespace, and that they've been shopping themselves
around.  Time to buy some stock; or, if I don't want to go to jail for
securities violations, time to leak it to the chatrooms.

Now, imagine the same kind of thing, only for IBM, substitute (say)
MI5, the Federal Reserve Board, or the Los Alamos nuclear research
lab.  Ouch!


All the best,


David

-- 
David Megginson                 david@m...
           http://www.megginson.com/

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
 

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.


Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2007 All Rights Reserved.