Jul 31 2007
Wow, it’s not a good day in security. First Paul from PaulDotCom IM’d me this morning to let me know about a vulnerability that is known to affect VMWare and may affect all virtual machines and now there’s news of a timing attack that could be used against any database to reveal sensitive information to an attacker. This attack affects an algorithm that’s common to most commercial database systems.
I’m headed to Black Hat and Defcon Thursday, but I really wish I’d been able to get there earlier. It sounds like there’s going to be a lot of very interesting vulnerabilities discussed, which is standard for Black Hat. I just hope the patches for these vulnerabilities are as quick to come out as the vulnerabilities are. And I’m hoping the different security researchers are practicing ‘responsible disclosure’. I wonder if David Maynor will be revealing anything at the event?