xml-dev - Re: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a r

Re: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a r

[ Lists Home | Date Index | Thread Index ]

To: xml-dev@lists.xml.org
Subject: Re: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a rare broadside)
From: Miles Sabin <miles@milessabin.com>
Date: Mon, 10 Jun 2002 15:12:41 +0100
In-reply-to: <4.2.0.58.20020610093042.03275f08@pop3.east.ora.com>
References: <3D01D65D.40909@dyomedea.com> <4.2.0.58.20020610093042.03275f08@pop3.east.ora.com>

Simon St.Laurent wrote,
> David Megginson had a nice piece to this effect a few years ago:
> http://www.megginson.com/ugly/index.html
>
> "When XML Turns Ugly"
>
> This was pre-schema, and still largely client-oriented, but has a lot
> of interesting pieces on the dangers of XML processing.

Now you mention it, I do remember a discussion of the some of the 
privacy issues a few years ago (I vaguely remember David mentioning 
grepping HTTP/DNS server logs for retrievals of external entities). 
That might very well be when I started worrying about these things.

To the best of my knowledge tho', there hasn't been much discussion of 
using external entities, or schemata, or RDDL, for active attacks as 
opposed to snooping.

Cheers,


Miles

References:
- Re: [xml-dev] Malicious documents? (WAS: Interesting mailing list& a rare broadside)
  - From: Eric van der Vlist <vdv@dyomedea.com>
- Re: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a rare broadside)
  - From: "Simon St.Laurent" <simonstl@simonstl.com>

Prev by Date: RE: [xml-dev] Interesting mailing list & a rare broadside
Next by Date: RE: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a rare broadside)
Previous by thread: Re: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a rare broadside)
Next by thread: RE: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a rare broadside)
Index(es):
- Date
- Thread