Fine grain Cross-VM Attacks on Xen and VMware (AES)
Griffin Boyce
griffin at cryptolab.net
Tue Apr 22 10:33:35 PDT 2014
'AES in a number popular cryptographic libraries including OpenSSL,
PolarSSL and Libgcrypt are vulnerable to Bernstein’s correlation attack
when run in Xen and VMware virtual machines, the most popular VMs used
by cloud service providers.'
Abstract: http://eprint.iacr.org/2014/248
Paper: http://eprint.iacr.org/2014/248.pdf
So in a nutshell, if you want to steal a website's private keys, you can
get an account on their hosting provider and at least have a shot at
getting on the same physical server ;-)
~Griffin
More information about the Testlist
mailing list