Printable View
Something interesting from Black Hat:
A timing attack against databases that does not require vulnerabilities or misconfigurations.............all it needs is for the DB to use the BTREE indexing algorithm :eek:
http://www.pcworld.com/article/id,13...s/article.html
A strict set of criteria has to be met and knowledge of the database schema is needed for the attack to work though.
On its own it sounds more like a "theoretically this can happen" type attack - however used in conjunction with other attack vectors to discover Database structure information and prevent users from accessing it to allow the timing vector to work, then it could be a more valid vector of attack if it gets out in the wild.
Interesting though.