It looks like its time to really tighten up your XML implementations to stop all other types of attacks, because researchers say “there is no simple patch for this problem.”
As anyone who would read this would know, XML is a hugely popular way to encrypt data being transferred over the Internet. Back in 2002, W3C standardized the encryption system and many companies now offer open-source and commercial frameworks that can be easily implemented.
The researchers who found the problem, Juraj Somorovsky and Tibor Jager from Ruhr-University Bochum in Germany, reported in their paper that “they were able to decrypt data by sending modified ciphertexts to the server, by gathering information from the received error messages.” They also see it a such an important issue because “It is employed in a large number of major web-based applications, ranging from business communications, e-commerce, and financial solutions.”
According to statements from Amazon.com officials, they were notified by the researchers through the W3C email list and they have already taken care of the problem in their systems. They are doing their best to ensure their customers that all of their data is still safe and is no longer in any danger from this threat. This would mostly be an issue for those using Amazons cloud computing services under their EC2 platform.
If you are directly affected by this, do your best to either fix the problem yourself or at least keep your eye out for updates on revisions of the XML standard. As more problems will most likely arise from this situation, there will likely be a great deal of effort to get the fix out there to the public.
