It looks like XML is going to become a hot (or at least warm) topic at the upcoming Black Hat Technical Security Conference. Apparently a researcher’s discovered a problem affecting Twitter and a number of other sites, and he’s been able to exploit it using an XML file.
Dan Goodin reported late last week, “The error resides in an Adobe Flash object hosted on the microblogging site, said Mike Bailey, a senior security analyst with penetration testing firm Foreground Security. Contrary to Adobe recommendations, the object is free to load files hosted virtually anywhere on the net, including those containing booby-trapped javascript and action script.”
A lot of important companies have supposedly made the same mistake, too, and Bailey intends to “out” them all at the security conference.
In terms of reputation and public relations, this might not be the best way for XML to receive more attention; let’s hope no one comes to think of it as a hacker’s tool. Still, publicity is publicity, and people who attend the conference will likely be smart enough to recognize XML’s usefulness in all sorts of situations.
The Black Hat Technical Security Conference will take place between January 31st and February 3rd in Washington, D.C., so stay tuned.
