Patch This Then!
Results 1 to 2 of 2

Thread: Patch This Then!

  1. #1
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190

    Patch This Then!

    Something interesting from Black Hat:

    A timing attack against databases that does not require vulnerabilities or misconfigurations.............all it needs is for the DB to use the BTREE indexing algorithm

    http://www.pcworld.com/article/id,13...s/article.html
    Last edited by nihil; August 2nd, 2007 at 10:27 AM.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  2. #2
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    A strict set of criteria has to be met and knowledge of the database schema is needed for the attack to work though.

    On its own it sounds more like a "theoretically this can happen" type attack - however used in conjunction with other attack vectors to discover Database structure information and prevent users from accessing it to allow the timing vector to work, then it could be a more valid vector of attack if it gets out in the wild.

    Interesting though.
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

Similar Threads

  1. MS 1st critical update of 2003
    By qwerty_smith in forum Microsoft Security Discussions
    Replies: 1
    Last Post: February 5th, 2003, 09:41 PM
  2. Newest Microsoft IE patch flawed!
    By s0nIc in forum Microsoft Security Discussions
    Replies: 7
    Last Post: May 21st, 2002, 02:27 PM
  3. IIS Patch announcement
    By souleman in forum Microsoft Security Discussions
    Replies: 5
    Last Post: April 12th, 2002, 12:39 AM
  4. MS security patch fails on local files
    By gstudios in forum Microsoft Security Discussions
    Replies: 1
    Last Post: April 3rd, 2002, 10:26 PM
  5. Botched Browser Security Patch
    By RogueSpy in forum AntiOnline's General Chit Chat
    Replies: 5
    Last Post: February 11th, 2002, 08:24 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •