23 Apr
2014
23 Apr
'14
4:19 p.m.
Griffin Boyce <griffin@cryptolab.net> writes:
'AES in a number popular cryptographic libraries including OpenSSL, PolarSSL and Libgcrypt are vulnerable to Bernstein’s correlation attack when run in Xen and VMware virtual machines, the most popular VMs used by cloud service providers.'
That's just another proof of the inverse of Law #1 of the 10 Immutable Laws of Security, "If a bad guy can persuade you to run his program on your computer, it’s not your computer any more". The inverse is the Immutable Law of Cloud Computing Security, "If a bad guy can persuade you to run your program on his computer, it’s not your program any more". Peter.