There has been some confusion about how the attack actually works and the measures that can effectively mitigate it. As a type of “oracle attack,” it uses results returned from queries to a system to discover information that was not directly disclosed. You can read more about it here:
About The Author
Debra Littlejohn Shinder is a technology and security analyst and author specializing in identity, security and cybercrime, utilizing her past experience as a police officer and police academy/criminal justice instructor. She has written numerous books and articles for web and print publications and has been awarded the Microsoft MVP designation for fourteen years in a row.