-
August 1st, 2007, 10:21 PM
#1
Patch This Then!
Something interesting from Black Hat:
A timing attack against databases that does not require vulnerabilities or misconfigurations.............all it needs is for the DB to use the BTREE indexing algorithm
http://www.pcworld.com/article/id,13...s/article.html
Last edited by nihil; August 2nd, 2007 at 09:27 AM.
-
August 2nd, 2007, 10:06 AM
#2
A strict set of criteria has to be met and knowledge of the database schema is needed for the attack to work though.
On its own it sounds more like a "theoretically this can happen" type attack - however used in conjunction with other attack vectors to discover Database structure information and prevent users from accessing it to allow the timing vector to work, then it could be a more valid vector of attack if it gets out in the wild.
Interesting though.
Similar Threads
-
By qwerty_smith in forum Microsoft Security Discussions
Replies: 1
Last Post: February 5th, 2003, 09:41 PM
-
By s0nIc in forum Microsoft Security Discussions
Replies: 7
Last Post: May 21st, 2002, 01:27 PM
-
By souleman in forum Microsoft Security Discussions
Replies: 5
Last Post: April 11th, 2002, 11:39 PM
-
By gstudios in forum Microsoft Security Discussions
Replies: 1
Last Post: April 3rd, 2002, 10:26 PM
-
By RogueSpy in forum AntiOnline's General Chit Chat
Replies: 5
Last Post: February 11th, 2002, 08:24 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|