ERUCES Encryption Security Software Thwarts Black Hat Database Attack

Share Article

ERUCES engineers confirmed recently that the company's Tricryption encryption software protects databases against an exploit unveiled at the 2007 Black Hat Security Conference.

ERUCES LOGO PNG

ERUCES engineers confirmed recently that the company's Tricryption software, and more specifically the Application Server Agent and the Tricryption Cryptographic Key Server, protects against the database exploit presented by researchers last month at the 2007 Black Hat Security Conference.

The database exploit discovered by Core Security Technologies may be used by attackers to determine arbitrary values within a database through a process called a timing side-channel attack. This type of attack measures the amount of time between database writes to determine values within the database. The discovery used mySQL, a very popular open source database, but the Argentinean researchers suggested this same attack should work on Microsoft and Oracle databases because of their use of a data storage mechanism called B+ trees. They insist more research on additional databases is necessary, and will be forthcoming.

If hackers were to use this vulnerability, it would be most successful on locations with unsecured data storage, where credit card information or passwords are recorded without security protection. ERUCES' Application Server Agent (ASA) secures entries stored within a database, providing protection down to the individual element level, locking personally identifiable information, passwords or other desirable information through high security encryption. ERUCES' ASA communicates with the encryption key servers for authentication and authorization of element access, insuring there will be no disclosure through the Black Hat vulnerability.

About ERUCES:
ERUCES is redefining cryptographic security, providing encryption, key management and key distribution products that protect Databases, Workstations, Servers, Web Services/Application Servers and third-party applications. ERUCES Tricryption software utilizes standard encryption algorithms implemented in validated cryptographic modules. ERUCES is a privately held software company headquartered in Kansas City with offices in Tampa, Orlando, and Columbia, MD. For further information on ERUCES, visit http://www.eruces.com.

# # #

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Jon-Michael Brook
Visit website