Re: Black Hat: New database attack revealed

Am Donnerstag, 2. August 2007 13:31 schrieb Robert Bernier:
> New timing attack doesn't need application bugs to work
>
> http://www.computerworlduk.com/management/security/cybercrime/news/index.cf
>m?RSS&newsid=4344

This is complete BS, as evidenced by this statement:

"""
their attack involves performing record insertion operations, typically
available to all database users - including anonymous users of front-end web
applications - and analysing the time it takes to perform different kinds of
insertions.
"""

In principle, attacks of this kind would be possible, but it's not quite as
simple as they make it appear.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/