I am going to pose a question to you: what do you think would happen if a file format that many people use every day was found to be vulnerable to attacks by online criminals? There is no single answer to this question, as one can only guess at how much chaos this could cause. The bad news is that we can all watch and see what the consequences are going to be, because it has recently been discovered that there are vulnerabilities affecting XML files.

Yes, you read correctly. According to Codenomicon, vulnerabilities have been found in XML libraries from the Apache Software Foundation, the Python Software Foundation and Sun. Certain applications are built with the use of XML files, and this is what poses the big risk. These vulnerabilities could be directly exploited to cause alarming denial of service attacks. When online attackers use denial of service attacks, they generally choose to target big sites or servers such as credit card payment gateways. These attacks are considered a violation of Internet policies and laws.

The discoveries, which Codenomicon has made public, have also been made available to the open source groups. They have provided their advice and suggestions with regard to these vulnerabilities. Apparently, relevant patches for these XML vulnerabilities will be released very soon. That is not the only thing due to be released soon: we can also expect a security advisory about these vulnerabilities from the CERT Finland Team, who have been working in collaboration with Codenomicon.

For those of you who are still not sure about XML, let me provide a brief overview. XML stands for Extensible Mark-up Language and is an all-purpose specification for making custom mark-up languages. XML is used as the basis of many different customized computer languages.

XML is also widely used as a file format by many software packages, including Microsoft Office. Some of the files of Microsoft Office are: excel.exe, excel.exe_1033 and f_officelivesignin. The XML vulnerabilities run the risk of being exploited should online attackers manage to persuade users to open specially created or tampered-with XML files. Another method of attack could be for online attackers to submit malicious requests to Web servers that deal with XML-formatted content. Codenomicon has drawn attention to the fact that attackers will now be aware of these vulnerabilities and will explore their options for exploiting them.

It may scare you to know that the XML file format is used in many of the new VOIP services. This puts many VOIP users at risk at this point in time. It has been strongly suggested that all organizations apply this patch in order to lower the risk of becoming a victim. It is also important for everyone to be aware that these files may be found where you least expect them. Codenomicon may be speaking about these XML vulnerabilities in more detail at the well-established conference 'Hacker Halted', based in Miami in September of this year.

User Comments
Not all XML files can be attacked as well, even if the library has vulnerabilities. If your system uses XML internally - by programs, and if the attacker isn't aware of the exact design of such a system, they simply won't be able to attack said file and said library. It's not like on TV - hackers need to be aware of how a certain system works (sometimes an educated guess is enough though) in order to exploit weaknesses in its design. If you don't know that, all you can do is take blind shots in the dark and hope you hit something.
There is no need to make this sound so dramatic. There used to be worse flaws in software than that, the world got over it. They'll get over this, too...