Timing Attacks For Recovering Private Entries From Database Engines presented at Blackhat USA 2007

by Pablo Damian Saura,

Tags: Security Web Access Exploitation

Summary : In today’s threat landscape, data
security breaches are mostly due to the exploitation of bugs in
front-end web applications (e.g. via SQL injection) or to the abuse of
misconfigured authorization and access control permissions. CoreLabs
devised an attack that works without requiring the existence of
implementation bugs or security misconfigurations in the database. The
new attack relies solely on the inherent characteristics of the indexing
algorithms used by most commercial database management systems.