XML.orgXML.org
FOCUS AREAS |XML-DEV |XML.org DAILY NEWSLINK |REGISTRY |RESOURCES |ABOUT
OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
Re: [xml-dev] they should've used XML
On Wed, 2016-07-20 at 15:16 -0400, Simon St.Laurent wrote:
> Well, no, probably they shouldn't have, but this mention of ASN.1 and
> a  potentially major security flaw reminded me of long-ago
> conversations  here about the value or lack thereof of (relatively
> generic) binary formats.
> 
> http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-pho
> nes-and-networks-at-risk-of-complete-takeover/

I don't think we can promise that EXI implementations are more secure
than ASN.1 implementations.

But maybe you saw one of the talks given at Usenix where the
researchers unlock a car remotely using a cellphone, then make it start
the engine. The vulnerability they used (as I recall) involved buffer
overruns in Web services implementations.

Liam


-- 
Liam R. E. Quin <liam@w3.org>
The World Wide Web Consortium (W3C)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS