))
Haroon Meer & Marco Slaviero: It's all about the timing
Manage episode 152212010 series 1053194
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
It's all about the timing...
Timing attacks have been exploited in the wild for ages, with the famous TENEX memory paging timing attack dating back to January of 1972. In recent times timing attacks have largely been relegated to use only by cryptographers and cryptanalysts. In this presentation SensePost analysts will show that timing attacks are still very much alive and kicking on the Internet and fairly prevalent in web applications (if only we were looking for them). The talk will cover SensePost-aTime (our new SQL Injection tool that operates purely on timing differences to extract data from injectable sites behind draconian firewall rulesets), our new generic (timing aware) web brute-forcer and lots of new twists on old favorites.
If you are doing testing today, and are not thinking a lot about timing, chances are you are missing attack vectors right beneath your stop-watch!
…
continue reading
Timing attacks have been exploited in the wild for ages, with the famous TENEX memory paging timing attack dating back to January of 1972. In recent times timing attacks have largely been relegated to use only by cryptographers and cryptanalysts. In this presentation SensePost analysts will show that timing attacks are still very much alive and kicking on the Internet and fairly prevalent in web applications (if only we were looking for them). The talk will cover SensePost-aTime (our new SQL Injection tool that operates purely on timing differences to extract data from injectable sites behind draconian firewall rulesets), our new generic (timing aware) web brute-forcer and lots of new twists on old favorites.
If you are doing testing today, and are not thinking a lot about timing, chances are you are missing attack vectors right beneath your stop-watch!
89 에피소드
공유
