+ Reply to Thread
Results 1 to 2 of 2
  1. August 1st, 2007 10:21 PM #1
    nihil
    nihil is offline
    Super Moderator: GMT Zone nihil has a reputation beyond repute nihil has a reputation beyond repute nihil has a reputation beyond repute nihil has a reputation beyond repute nihil has a reputation beyond repute nihil has a reputation beyond repute nihil has a reputation beyond repute nihil has a reputation beyond repute nihil has a reputation beyond repute nihil has a reputation beyond repute nihil has a reputation beyond repute nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,100

    Patch This Then!

    Something interesting from Black Hat:

    A timing attack against databases that does not require vulnerabilities or misconfigurations.............all it needs is for the DB to use the BTREE indexing algorithm

    http://www.pcworld.com/article/id,13...s/article.html
    Last edited by nihil; August 2nd, 2007 at 09:27 AM.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?
    Reply With Quote Reply With Quote
  2. August 2nd, 2007 10:06 AM #2
    Nokia
    Nokia is offline
    Right turn Clyde Nokia has a reputation beyond repute Nokia has a reputation beyond repute Nokia has a reputation beyond repute Nokia has a reputation beyond repute Nokia has a reputation beyond repute Nokia has a reputation beyond repute Nokia has a reputation beyond repute Nokia has a reputation beyond repute Nokia has a reputation beyond repute Nokia has a reputation beyond repute Nokia has a reputation beyond repute Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    A strict set of criteria has to be met and knowledge of the database schema is needed for the attack to work though.

    On its own it sounds more like a "theoretically this can happen" type attack - however used in conjunction with other attack vectors to discover Database structure information and prevent users from accessing it to allow the timing vector to work, then it could be a more valid vector of attack if it gets out in the wild.

    Interesting though.
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. MS 1st critical update of 2003
    By qwerty_smith in forum Microsoft Security Discussions
    Replies: 1
    Last Post: February 5th, 2003, 08:41 PM
  2. Newest Microsoft IE patch flawed!
    By s0nIc in forum Microsoft Security Discussions
    Replies: 7
    Last Post: May 21st, 2002, 01:27 PM
  3. IIS Patch announcement
    By souleman in forum Microsoft Security Discussions
    Replies: 5
    Last Post: April 11th, 2002, 11:39 PM
  4. MS security patch fails on local files
    By gstudios in forum Microsoft Security Discussions
    Replies: 1
    Last Post: April 3rd, 2002, 09:26 PM
  5. Botched Browser Security Patch
    By RogueSpy in forum AntiOnline's General Chit Chat
    Replies: 5
    Last Post: February 11th, 2002, 07:24 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides