Patch This Then!
Results 1 to 2 of 2

Thread: Patch This Then!

  1. #1
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington

    Patch This Then!

    Something interesting from Black Hat:

    A timing attack against databases that does not require vulnerabilities or misconfigurations.............all it needs is for the DB to use the BTREE indexing algorithm,13...s/article.html
    Last edited by nihil; August 2nd, 2007 at 09:27 AM.

  2. #2
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Button Moon
    A strict set of criteria has to be met and knowledge of the database schema is needed for the attack to work though.

    On its own it sounds more like a "theoretically this can happen" type attack - however used in conjunction with other attack vectors to discover Database structure information and prevent users from accessing it to allow the timing vector to work, then it could be a more valid vector of attack if it gets out in the wild.

    Interesting though.
    Drugs have taught an entire generation of kids the metric system.


Similar Threads

  1. MS 1st critical update of 2003
    By qwerty_smith in forum Microsoft Security Discussions
    Replies: 1
    Last Post: February 5th, 2003, 08:41 PM
  2. Newest Microsoft IE patch flawed!
    By s0nIc in forum Microsoft Security Discussions
    Replies: 7
    Last Post: May 21st, 2002, 01:27 PM
  3. IIS Patch announcement
    By souleman in forum Microsoft Security Discussions
    Replies: 5
    Last Post: April 11th, 2002, 11:39 PM
  4. MS security patch fails on local files
    By gstudios in forum Microsoft Security Discussions
    Replies: 1
    Last Post: April 3rd, 2002, 09:26 PM
  5. Botched Browser Security Patch
    By RogueSpy in forum AntiOnline's General Chit Chat
    Replies: 5
    Last Post: February 11th, 2002, 07:24 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts