David Byrne sent over an interesting proof of concept that uses the same res:// attack I talked about that Billy Rios found the other day, but he put an interesting spin on it. The number of CPU cycles (timing) the process takes to run differs pretty significantly depending on whether the file is there or not. Click here to see the demo.
I’m not sure if this provides additional value over the original res:// attack, but certainly it shows that timing attacks are really very possible for this. The results on my machine were dramatic (over double the time for existing versus non-existing files). Your mileage may vary. Cool trick, nonetheless.