Interesting article on Cross-Domain Timing Attacks…

I’ve been meaning to fiddle around with timing attacks for a while. I’ve had various discussions in the past about the significance of login determination attacks (including ones I found myself) and my usual response would be “it’s all moot — the attacker could just use a timing attack”. Finally, here’s some ammo to support that position. And — actual cross-domain data theft using just a timing attack, as a bonus.


~ by Normanomicon on December 11, 2009.

%d bloggers like this: