item 40865771

Weak isolation levels allowed to steal BTC using plain SQL

15 points | eivanov89 | 1 year ago | blog.ydb.tech

5 comments


eatonphil | 1 year ago

I love the reference to the ACIDRain paper in there.

> They analyzed “12 popular self-hosted eCommerce applications written in four languages and deployed on over 2M websites” and identified and verified “22 critical ACIDRain attacks that allow attackers to corrupt store inventory, over-spend gift cards, and steal inventory”. According to the paper, “Of the 22 vulnerabilities, five were level-based, meaning that the default weak isolation level led to the anomalies behind the vulnerabilities.”

http://www.bailis.org/papers/acidrain-sigmod2017.pdf
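The over-spend anomaly the ACIDRain paper describes, as an added example that is not part of this thread or of the linked post: a withdrawal implemented as "SELECT the balance, check it, then UPDATE" can be raced by two requests so that both checks see the same untouched balance and both debits land. SQLite cannot be switched to READ COMMITTED (it serializes writers), so the weak-isolation case is modelled here by issuing the check and the debit as separate autocommit statements; that is the same interleaving PostgreSQL or MySQL permit at READ COMMITTED when the SELECT and the UPDATE share one transaction. The account name, table layout and amounts are constructed sample data, and the hardened variant shown is a single conditional UPDATE checked via rowcount (SELECT ... FOR UPDATE or SERIALIZABLE with retry are the other standard fixes).

```python
"""Check-then-debit race that lets an attacker overspend a balance.

Added example, not code from the linked post. The weak-isolation case is
modelled with autocommit statements in SQLite, standing in for a READ
COMMITTED transaction in PostgreSQL/MySQL. All data is constructed.
"""
import os
import sqlite3
import tempfile

USER = "mallory"  # constructed sample account


def _connect(path: str) -> sqlite3.Connection:
    # isolation_level=None: the sqlite3 module issues no BEGIN, so every
    # statement is its own transaction (autocommit).
    return sqlite3.connect(path, isolation_level=None)


def _fresh_ledger(path: str, balance: int) -> None:
    """Create one account holding `balance` units (constructed data)."""
    conn = _connect(path)
    conn.execute("CREATE TABLE accounts (user TEXT PRIMARY KEY, balance INTEGER NOT NULL)")
    conn.execute("INSERT INTO accounts VALUES (?, ?)", (USER, balance))
    conn.close()


def balance_of(conn: sqlite3.Connection, user: str) -> int:
    (bal,) = conn.execute("SELECT balance FROM accounts WHERE user = ?", (user,)).fetchone()
    return bal


def vulnerable_check(conn: sqlite3.Connection, user: str, amount: int) -> bool:
    """The 'check' half: read the balance and decide. The read is not locked."""
    return balance_of(conn, user) >= amount


def vulnerable_debit(conn: sqlite3.Connection, user: str, amount: int) -> None:
    """The 'debit' half: subtract unconditionally, trusting the stale check."""
    conn.execute("UPDATE accounts SET balance = balance - ? WHERE user = ?", (amount, user))


def safe_withdraw(conn: sqlite3.Connection, user: str, amount: int) -> bool:
    """Hardened: check and debit in one statement.

    The WHERE clause is re-evaluated on the row the UPDATE actually locks,
    so a concurrent request cannot rely on a balance it saw earlier;
    rowcount reports whether the withdrawal was accepted.
    """
    cur = conn.execute(
        "UPDATE accounts SET balance = balance - ? WHERE user = ? AND balance >= ?",
        (amount, user, amount),
    )
    return cur.rowcount == 1


def run_vulnerable(start: int = 100, amount: int = 100):
    """Two 'concurrent' withdrawals interleaved the way a racing attacker gets
    them: both checks run before either debit. Returns (ok_a, ok_b, balance)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "ledger.db")
        _fresh_ledger(path, start)
        a, b = _connect(path), _connect(path)
        ok_a = vulnerable_check(a, USER, amount)   # sees `start`
        ok_b = vulnerable_check(b, USER, amount)   # also sees `start`
        if ok_a:
            vulnerable_debit(a, USER, amount)      # commits, balance = start - amount
        if ok_b:
            vulnerable_debit(b, USER, amount)      # commits again: overdraft
        final = balance_of(a, USER)
        a.close()
        b.close()
    return ok_a, ok_b, final


def run_safe(start: int = 100, amount: int = 100):
    """Same two requests against the atomic conditional UPDATE."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "ledger.db")
        _fresh_ledger(path, start)
        a, b = _connect(path), _connect(path)
        ok_a = safe_withdraw(a, USER, amount)  # accepted
        ok_b = safe_withdraw(b, USER, amount)  # rejected: balance now below amount
        final = balance_of(a, USER)
        a.close()
        b.close()
    return ok_a, ok_b, final


if __name__ == "__main__":
    print("vulnerable:", run_vulnerable())  # (True, True, -100)
    print("hardened:  ", run_safe())        # (True, False, 0)
```

With a starting balance of 100 and two 100-unit withdrawals, the vulnerable path ends at -100 (200 paid out from 100), while the hardened path pays once and leaves 0. In a real deployment the two requests arrive from parallel HTTP calls rather than from the explicit interleaving above; the point of the explicit ordering is that nothing in the weak-isolation path prevents it.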

PreInternet01 | 1 year ago

The submitted title deviates from that of the linked post ("Do we fear the serializable isolation level more than we fear subtle bugs?") and, having read the source, I'm not even sure if it's even close to accurate...

eivanov89 | 1 year ago

Sorry, it might be that the title is a little bit inaccurate. However, the post indeed describes multiple cases when attackers stole many BTC from exchanges because of an issue with a weak isolation level. Moreover, one of the exchanges was totally ruined because of that.