- Timing Attacks for Recovering Private Entries From Database Engines (RSA Conference)
- Ariel Waissbein. Joint work with Ariel Futoransky, Damian Saura and Pedro Varangot
- RSA Conference 2008. April 7-11, 2008. (HT1-302)
- Date published
- Timing attacks, Database Management Systems, MySQL, MS SQL, B-trees.
Data security breaches are mostly due to the exploitation of bugs in front-end web applications. CoreLabs devised an attack that works without requiring the existence of implementation bugs or security misconfigurations in the database. The researchers will explain how this technique makes it possible to extract private data from a database by performing record insertion operations.