Jul 31 2007

First all VM’s, now all databases

Published by at 10:05 am under Hacking,Security Advisories

Wow, it’s not a good day in security.  First Paul from PaulDotCom IM’d me this morning to let me know about a vulnerability that is known to affect VMWare and may affect all virtual machines and now there’s news of a timing attack that could be used against any database to reveal sensitive information to an attacker.  This attack affects an algorithm that’s common to most commercial database systems. 

I’m headed to Black Hat and Defcon Thursday, but I really wish I’d been able to get there earlier.  It sounds like there’s going to be a lot of very interesting vulnerabilities discussed, which is standard for Black Hat.  I just hope the patches for these vulnerabilities are as quick to come out as the vulnerabilities are.  And I’m hoping the different security researchers are practicing ‘responsible disclosure’.  I wonder if David Maynor will be revealing anything at the event?

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

One response so far

One Response to “First all VM’s, now all databases”

  1. Rob Newbyon 01 Aug 2007 at 3:53 am

    Where can I find out more about this vulnerability? I keep on reading about it, but don’t know what it is yet…

%d bloggers like this: