19 Jul
2015
19 Jul
'15
8:15 a.m.
* Georgi Guninski:
You should be aware of the numerous virtualization sploits -- Xen, Qemu, possibly others.
Exploiting a virtualization bug is just the fee "to be in cloud" and I _suspect_ more efforts are needed for my boxen.
Not all service providers hand you the capability to run arbitrary code to run VM exploits, so you have to exploit an application bug first. (And the application may even run on bare metal.) Service providers can also provision VMs in such a way that customers can only attack themselves.