I was asked this afternoon what experience I had with DPA. My first guess was none as I didn't know what it meant. So I used good ol google to have a look. I pulled up a good short news article that I found titled http://news.com.com/2100-7355-5193696.html - (broken link) Company to license device-security tools. It was published some time back, April 18 2004 to be exact and was written by Michael Kanellos. The item and the technique of DPA is very interesting so I thought I would share it here. DPA stands for Differential Power Analysis and is a technique whereby a hacker monitors variations in electrical consumption of a card that performs encryption functions. He can then do a reverse analysis to discover the passwords being used. This type of attack was found in the 90's according to this news item. This is a very interesting technique and a company called Cryptography Research has taken out more than 60 patents for technology to protect against this type of attack. There is another link in this article to another about http://news.com.com/2100-7355-5193696.html - (broken link) differential power analysis that explains the technique in a little more detail. I am not sure that this could ever apply to an Oracle database but I suppose you should never underestimate the levels to which someone can go to hack your database.
Blog
Pete Finnigan's Oracle Security Weblog
This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
[Previous entry: "Britain's hi-tech crime wave"] [Next entry: "Changed my RSS feed to spit out the first 20 words and a link to the entry"]
June 2005
- Steve has improved his Custom JDBC URL example - 06/01/2005 by 06/01/2005
- SANSFIRE is coming up very soon - 06/03/2005 by 06/03/2005
- OT: A book on how to build an Apple 1 replica - 06/04/2005 by 06/04/2005
- ooops forgot the link - 06/06/2005 by 06/06/2005
- Wait even enhancements in 10g - 06/07/2005 by 06/07/2005
- Debu talked about EJB security hole - 06/08/2005 by 06/08/2005
- Default passwords for Oracle BPEL Process manager - 06/09/2005 by 06/09/2005
- Interesting post in Amis about "who called me" - 06/10/2005 by 06/10/2005
- OT: Another Apple post - 06/11/2005 by 06/11/2005
- Shay talked about version control through JDeveloper - 06/12/2005 by 06/12/2005
- A book on Peoplesoft for the Oracle DBA - 06/13/2005 by 06/13/2005
- A nice Windows internals website - 06/14/2005 by 06/14/2005
- Another great Windows internals site - 06/16/2005 by 06/16/2005
- An interesting alternative technique to crack passwords - 06/17/2005 by 06/17/2005
- OT: RSS fixes just done - 06/18/2005 by 06/18/2005
- 10gR2 adds a "wrap" package procedure, TDE and makes DBMS_OUTPUT output unlimited - 06/20/2005 by 06/20/2005
- An issue with DBA_REGISTRY - 06/21/2005 by 06/21/2005
- Pete Finnigan is now a member of the Oaktable network - 06/22/2005 by 06/22/2005
- Grant talks about patch 2 for 9.0.4 for certified Linux and Mac clients - 06/23/2005 by 06/23/2005
- An excellent XSS cheatsheet - 06/24/2005 by 06/24/2005
- Ed informs us that 10gR2 should be out this month - 06/26/2005 by 06/26/2005
- Installing Oracle Password Repository (OPR) - a walk through - 06/27/2005 by 06/27/2005
- Niall says Oracle 10gR2 should be out on June 30 - for Linux - 06/28/2005 by 06/28/2005
- 10g Release 2 PL/SQL and SQL new features - 06/29/2005 by 06/29/2005
Archives
Syndication
Powered by gm-rss 2.0.0
