|
|
|
|
|
|
by TimothyFitz
5332 days ago
|
|
|
The researchers uncovered an XML Signature Wrapping attack, which requires the attacker has access to the plaintext of a correctly authorized XML request sent to Amazon. Given that every client I know of uses https for EC2 APIS, this isn't what I would call a "Massive Security Flaw". More details on XML Signature Wrapping here: http://clawslab.nds.rub.de/wiki/index.php/XML_Signature_Wrap... |
|
|