Dnia niedziela, 19 lipca 2015 10:15:38 Florian Weimer pisze:
* Georgi Guninski:
You should be aware of the numerous virtualization sploits -- Xen, Qemu, possibly others.
Exploiting a virtualization bug is just the fee "to be in cloud" and I _suspect_ more efforts are needed for my boxen.
Not all service providers hand you the capability to run arbitrary code to run VM exploits, so you have to exploit an application bug first. (And the application may even run on bare metal.)
Service providers can also provision VMs in such a way that customers can only attack themselves.
I consider service providers' access to my data a problem in and of itself. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147