[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

RE: The sky is falling! XML's dirty secret! Go back! It's a

  • To: 'Rich Salz' <rsalz@d...>
  • Subject: RE: The sky is falling! XML's dirty secret! Go back! It's a trap!
  • From: "Bullard, Claude L (Len)" <clbullar@i...>
  • Date: Mon, 3 Jun 2002 10:58:18 -0500
  • Cc: Paul Prescod <paul@p...>, xml-dev@l...

sky encryption crack
I understand the "knowing where to look" in terms 
of securing a system by knowing what it's vulnerabilities 
are.  I can't find any article that states 
definitively if XML helps the cracker (is it a vulnerability 
by nature exploitable by a malicious agent, 
not by ignorance (a person transmitting unencrypted 
data, a person leaving XML files "in the open")). 

So far, I've seen no evidence that XML makes it easier 
to crack the encryption; just that once it is cracked, 
it is easier to understand, which is of course, why 
markup is used anyway.  The article referenced in the 
referenced article has gone bye bye.

Given the long history of Internet specs for producing 
insecure systems, one would think someone would have 
a definitive answer but given the rush to adopt 
Internet technology, maybe not.  The sky is always 
falling on the web. ;-)

len



From: Rich Salz [mailto:rsalz@d...]

> If the answer is, experts disagree, there is liability and a 
> real problem to be solved somewhere.  That there are costs 
> is assumed.

So far, the only XML-specific risks I've heard about are various attacks 
on Unicode[1].  I think most security people assume that the bad guys 
know what they're looking for (except perhaps Carnivore :), so it 
doesn't matter if the data is XML, ASCII, or private extension fields in 
EDI.

 > XML posits that we all drive the same car and
> so will be equally liable.

Not really; it's more like specifying standard positions for the 
steering wheel, gas pedal, etc.  As I said:  knowing where to look.
	/r$

[1] http://www.counterpane.com/crypto-gram-0007.html#9

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
 

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.


Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.