Home > mailing lists

Re: Black Hat: New database attack revealed - Mailing list pgsql-advocacy

From	Dave Page
Subject	Re: Black Hat: New database attack revealed
Date	August 2, 2007 12:27:31
Msg-id	46B1CDAA.8050902@postgresql.org Whole thread Raw
In response to	Re: Black Hat: New database attack revealed (Peter Eisentraut <peter_e@gmx.net>)
Responses	Re: Black Hat: New database attack revealed (Magnus Hagander <magnus@hagander.net>) Re: Black Hat: New database attack revealed (Lukas Kahwe Smith <smith@pooteeweet.org>)
List	pgsql-advocacy

Tree view

Peter Eisentraut wrote:
> Am Donnerstag, 2. August 2007 13:31 schrieb Robert Bernier:
>> New timing attack doesn't need application bugs to work
>>
>> http://www.computerworlduk.com/management/security/cybercrime/news/index.cf
>> m?RSS&newsid=4344
>
> This is complete BS, as evidenced by this statement:
>
> """
> their attack involves performing record insertion operations, typically
> available to all database users - including anonymous users of front-end web
> applications - and analysing the time it takes to perform different kinds of
> insertions.
> """
>
> In principle, attacks of this kind would be possible, but it's not quite as
> simple as they make it appear.
>

That was roughly my thought as well.

In our case, would it even be possible given WAL?

Regards, Dave.

pgsql-advocacy by date:

From: Peter Eisentraut
Date: 02 August 2007, 12:16:33
Subject: Re: Black Hat: New database attack revealed

From: Magnus Hagander
Date: 02 August 2007, 12:39:13
Subject: Re: Black Hat: New database attack revealed

Re: Black Hat: New database attack revealed - Mailing list pgsql-advocacy

Previous

Next