CHAPTER 28 Security and Robustness in the Internet Infrastructure system. For example, device configuration infor- mation may be read from firmware repositories at boot time and stored in software databases during normal operation for quick access. Thus, a hacker could corrupt this more easily accessi- ble data in SW databases even if access to lower level repositories is difficult or protected by cryp- tographic or access control mechanisms. On the positive side, if such a corruption can be detected, correct values can be restored from the device. A special case of duplication is aggregated informa- tion (e.g., count of number of servers with cer- tain characteristics). In this case, an attack on the aggregated data can cause widespread impact, but with an effective detection mechanism, it is easy to reconstruct the data correctly. 727 28.7.3. Web-Services-Based Attacks problematic value. Another mechanism concerns the misuse of XML external entities, which is merely a macro facility by which one could include contents of external files in the XML stream. If the hacker can overwrite or replace such a file, it can put arbitrary XML code there. One such possibility is to open a new TCP con- nection with the privileges of the XML parser and perform arbitrary data transfer. A related attack is XML schema poisoning to alter control flow or otherwise cause incorrect processing of XML data. Finally, the hacker can inject arbitrary data wrapped in XML (e.g., XPATH expressions, SQL queries, LDAP requests, etc.) to achieve spe- cific attacks related to how the configuration data is manipulated. Some of the XML manipulation attacks can disable authentication and thereby gain unrestricted access to the configuration data.