Re: Security implications of network timing

Billy and Paul,

The goal here is to collect specific novel attacks (that is, attacks
not possible without this new information) that arise as a result of
resource timing. You've said "The performance timing information in
the new API has implications far beyond Felton's classic work on
browser or shared cache snooping" and "I expect these capabilities
will be on-par with custom native code attack tools." but I do not see
any specific novel attack vectors mentioned in your responses that are
only possible with the addition of this data. Can you please elaborate
to provide specific novel attack vectors that arise as a result of
providing this new data, so we can analyze them and confirm that they
are indeed not possible without the data provided by resource timing?


Received on Thursday, 6 October 2011 14:01:18 UTC