The W3C XML Encryption standard, used by Web services to pass sensitive data inside insecure documents, is fundamentally flawed, according to researchers from Ruhr University Bochum.