Quick Links

Re: Black Hat: New database attack revealed

From:	Peter Eisentraut <peter_e(at)gmx(dot)net>
To:	pgsql-advocacy(at)postgresql(dot)org
Subject:	Re: Black Hat: New database attack revealed
Date:	2007-08-02 12:16:23
Message-ID:	200708021416.24014.peter_e@gmx.net
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-advocacy

Am Donnerstag, 2. August 2007 13:31 schrieb Robert Bernier:
> New timing attack doesn't need application bugs to work
>
> http://www.computerworlduk.com/management/security/cybercrime/news/index.cf
>m?RSS&newsid=4344

This is complete BS, as evidenced by this statement:

"""
their attack involves performing record insertion operations, typically
available to all database users - including anonymous users of front-end web
applications - and analysing the time it takes to perform different kinds of
insertions.
"""

In principle, attacks of this kind would be possible, but it's not quite as
simple as they make it appear.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/

In response to

Black Hat: New database attack revealed at 2007-08-02 11:31:35 from Robert Bernier

Responses

Re: Black Hat: New database attack revealed at 2007-08-02 12:27:22 from Dave Page
Re: Black Hat: New database attack revealed at 2007-08-02 14:12:11 from Brian Hurt

Browse pgsql-advocacy by date

	From	Date	Subject
Next Message	Dave Page	2007-08-02 12:27:22	Re: Black Hat: New database attack revealed
Previous Message	Robert Bernier	2007-08-02 11:31:35	Black Hat: New database attack revealed