Tag Archives: XML Encryption

What Security Vendors Said One Year Ago…

I did not resist, so after publishing the summary of Security Predictions for 2012, I checked out what security vendors predicted one year ago for 2011. Exactly as I did in my previous post, at the beginning of 2011 I collected the security predictions in a similar post (in Italian). I also published in May an update (in English) since, during the Check Point Experience in Barcelona held in May 2011, the Israeli security firm published its predictions. Even if the latters have been published nearly at the half of 2011, for the sake of completeness, I decided to insert them as well in this year-to-year comparison.

read more

XML Encryption Cracked!

Broken CBC XMLWe have not completely assimilated the BEAST vulnerability, and here it comes, from Bochum, Germany, another serious flaw involving Encryption, or better, involving XML Encryption.

XML Encryption, is a W3C standard widely used to securely transmit information inside Application-to-Application Web services connections. It was believed to be a robust standard mechanism to protect data exchange between a wide class of applications using web services and deployed in different sectors, for instance business, e-commerce, financial, healthcare, governmental and military applications. For the generic user a typical scenario involves, for example, credit card information encryption for a payment within an XML-based purchase order.

read more