You are here: silicon.com > Resources > White Papers > Software and Web Development > Software Development Tools > Java

Java White Papers

Exposing Private Information by Timing Web Applications

Overview The paper discusses the time the web sites take to respond to HTTP requests can leak private information, using two different types of attacks. The first, direct timing, directly measures response times from a web site to expose private information such as validity of an username at a secured site or the number of private photos in a publicly viewable gallery. The second, cross-site timing, enables a malicious web site to obtain information from the user's perspective at another site. The paper explains in detail how and why these attacks work, and discuss methods for writing web application code that resists these attacks.

Further White Paper Details
Publisher	International World Wide Web Conference Committee	File Format	PDF
Date Published	May 2006
Format	White Papers
Topics	Java, Security Management, Application Development

Did you find this white paper useful? 4 out of 8 users found this white paper useful

Attacks still battering unpatched Windows flaws

The timing of these attacks and exploits is designed to be a thorn in the side of Microsoft. At one point several million domains were redirecting to malicious VML sites, according to iDefense. For the attack to be carried out, a user must first...

New IE flaw rated as "critical"

Microsoft is investigating a report of a new, unpatched flaw in Internet Explorer that could expose users of the ubiquitous web browser to attacks. An attacker could craft a malicious website that takes advantage of the flaw and gain control over...

Channel:
Security Strategy
Tags:
flaw,
ie

Malicious security attacks hit 90 per cent of UK firms

More than 90 per cent of large UK businesses have been the victim of a malicious security incident in the past year, largely due to a sharp increase in the volume of virus attacks, according to a government security survey.

Channel:
Security Strategy

Netsky attacks down four hacking and P2P sites

However, because the worm only attacks the main www.edonkey2000.com address, it is still accessible by visiting http://edonkey2000.com. Mikko Hyppönen, director of antivirus research at F-Secure, said that even though the eDonkey and emule-project...

Channel:
IT Pro

Hack attacks on Linux sites rocket

Attacks on Linux-based websites have risen dramatically over the past year. A study by UK security consultancy mi2g found 7,630 attacks on Linux systems during the first half of 2002 in comparison to just 5,736 for the whole of 2001.

Channel:
Security Strategy

Lycos open to malicious attacks

A vulnerability has been found in the Lycos search engine which could lead to the PCs of visitors to the site being infected with malicious code. Security lab CBS Sentry Research found a vulnerability in the search engine which could allow a...

Channel:
Security Strategy

Featured White Papers

IDC reports on Novell's Secure Desktop Solution: A Modern-Day Marriage of Business Benefit and Risk Reduction

This IDC whitepaper examines how companies are turning to integrated security solutions, such as Novell Secure Desktop Solution, to deal with the vulnerability of mobile assets and implement a comprehensive security strategy.

Publisher:
Novell

Green IT: Reducing your Carbon Footprint with Citrix

Going green has become an imperative, not an option, for companies facing the new reality of balancing business objectives with dwindling environmental resources. Read on to learn how Citrix products can help bring environmental and organizational objectives into alignment by alleviating the energy impact of equipment needed to serve both the datacenter and the desktop.

Publisher:
Citrix Systems

Identity and Security Management and Strong Information Technology Goverance

A total identity and access management (IAM) – driven goverance, risk and compliance (GRC) solution should ensure foolproof and accurate measurements of policies and practises across the enterprise. This IDC white paper examines identity and security management (ISM) solutions and how these integrated offerings can play a key role in enforcing security compliance.

Publisher:
Novell

Also on silicon.com

Site Navigation:

Java White Papers

Exposing Private Information by Timing Web Applications

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific