From: | Lukas Kahwe Smith <smith(at)pooteeweet(dot)org> |
---|---|
To: | Dave Page <dpage(at)postgresql(dot)org> |
Subject: | Re: Black Hat: New database attack revealed |
Date: | 2007-08-02 13:20:09 |
Message-ID: | 46B1DA09.7060709@pooteeweet.org |
Lists: | pgsql-advocacy |
Dave Page wrote:
> Peter Eisentraut wrote:
>> On Thursday, 2 August 2007 13:31, Robert Bernier wrote:
>>> New timing attack doesn't need application bugs to work
>>>
>>> http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?RSS&newsid=4344
>> This is complete BS, as evidenced by this statement:
>>
>> """
>> their attack involves performing record insertion operations, typically
>> available to all database users - including anonymous users of front-end web
>> applications - and analysing the time it takes to perform different kinds of
>> insertions.
>> """
>>
>> In principle, attacks of this kind would be possible, but it's not quite as
>> simple as they make it appear.
>>
>
> That was roughly my thought as well.

Also, given varying load, things moving in and out of cache buffers etc.,
I am not really sure if this is at all relevant for anything but
database systems with very few concurrent users.

regards,
Lukas