'Bugless' hacker attack demonstrated

August 2, 2007

[From IT Business]

Researchers at Core Security Technologies demonstrated an attack that could allow hackers to extract private information from databases -- without requiring any bugs in the database management software.

The demonstration, on Wednesday at Black Hat USA in Las Vegas, involved timing attacks, a technique for breaking ciphers. It's effective against databases using BTREE, the most popular database indexing algorithm and data structure, and will use MySQL for demonstration purposes, Core researchers said.

The article continues at http://www.itbusiness.ca/it/client/en/home/news.asp?id=44544