Dave Page wrote:
> Peter Eisentraut wrote:
>> Am Donnerstag, 2. August 2007 13:31 schrieb Robert Bernier:
>>> New timing attack doesn't need application bugs to work
>>>
>>> http://www.computerworlduk.com/management/security/cybercrime/news/index.cf
>>> m?RSS&newsid=4344
>> This is complete BS, as evidenced by this statement:
>>
>> """
>> their attack involves performing record insertion operations, typically
>> available to all database users - including anonymous users of front-end web
>> applications - and analysing the time it takes to perform different kinds of
>> insertions.
>> """
>>
>> In principle, attacks of this kind would be possible, but it's not quite as
>> simple as they make it appear.
>>
>
> That was roughly my thought as well.
Also given varying load, things moving in and out of cache buffers etc.
I am not really sure if this is at all relevant for anything but
database systems with very few concurrent users.
regards,
Lukas