Re: Black Hat: New database attack revealed - Mailing list pgsql-advocacy

From Peter Eisentraut
Subject Re: Black Hat: New database attack revealed
Date
Msg-id 200708021416.24014.peter_e@gmx.net
Whole thread Raw
In response to Black Hat: New database attack revealed  (Robert Bernier <robert.bernier5@sympatico.ca>)
Responses Re: Black Hat: New database attack revealed  (Dave Page <dpage@postgresql.org>)
Re: Black Hat: New database attack revealed  (Brian Hurt <bhurt@janestcapital.com>)
List pgsql-advocacy
Am Donnerstag, 2. August 2007 13:31 schrieb Robert Bernier:
> New timing attack doesn't need application bugs to work
>
> http://www.computerworlduk.com/management/security/cybercrime/news/index.cf
>m?RSS&newsid=4344

This is complete BS, as evidenced by this statement:

"""
their attack involves performing record insertion operations, typically
available to all database users - including anonymous users of front-end web
applications - and analysing the time it takes to perform different kinds of
insertions.
"""

In principle, attacks of this kind would be possible, but it's not quite as
simple as they make it appear.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/

pgsql-advocacy by date:

Previous
From: Robert Bernier
Date:
Subject: Black Hat: New database attack revealed
Next
From: Dave Page
Date:
Subject: Re: Black Hat: New database attack revealed