XML Encryption Flaw Exposes Web Services To Security Risks

Watch your Web Services: the official XML Encryption Syntax and Processing standard can be broken. So say two researchers from Ruhr-University Bochum in Germany, who have demonstrated a practical attack against XML's cipher block chaining (CBC) mode. "We were able to decrypt data by sending modified ciphertexts to the server, by gathering information from the received error messages," according to a statement released by the researchers, Juraj Somorovsky and Tibor Jager. They presented their findings in detail at last week's ACM Conference on Computer and Communications Security in Chicago.

The link for this article located at Information Week is no longer available.