Security Researchers Warn of XML Vulnerability
Juraj Somorovsky and Tibor Jager say there's no simple fix for the problem, and the standard needs to be changed.
Security researchers have uncovered a vulnerability in XML encryption that can be used to decrypt sensitive data.
"XML Encryption is used for securing communications between Web services by many companies, including IBM, Microsoft and Red Hat," writes Computerworld's Lucian Constantin. "Researchers Juraj Somorovsky and Tibor Jager from the Ruhr University of Bochum (RUB) in Germany, devised an attack that decrypts data secured with the DES (Data Encryption Standard) or the AES (Advanced Encryption Standard) in CBC (cipher block chaining) mode."
"The researchers claim that there is no simple fix for the problem and the standard needs to be changed," Constantin writes.
Go to "Widely used encryption standard is insecure, say experts" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.