1. 7
    New cloud attack takes full control of virtual machines with little effort security arstechnica.com
    Irene avatar via Irene 1 year ago | cached | 7 comments

  1.  

  2. 6
    tedu avatar tedu 1 year ago | link

    With the rather major qualifier that cross VM ram dedupe is enabled, which probably comes close to downgrading the title to “incorrect”.

    1. 5
      mjturner avatar mjturner 1 year ago | link

      Interesting that two different Rowhammer-based cross-VM attacks have been released at roughly the same time. See here for the other one.

      1. 1
        tedu avatar tedu edited 1 year ago | link

        That’s the same attack. This is the just the “all aboard the hype train” press article about the paper.

        (Er, I was wrong.)

        1. 6
          mjturner avatar mjturner 1 year ago | link

          Ah, I didn’t realise that, as they’re two different papers with different researchers involved (albeit both being published at Usenix). Here’s the paper for this article.

          1. 5
            tedu avatar tedu 1 year ago | link

            OH! They are different. Very sorry. The attack this article is about, Flip Feng Shui, from researchers in Amsterdam, has been making the rounds for a while now. So in a sense, the same attack as “before”.

            What I missed was the second attack by Ohio State researchers! This does look at least a little different. Now to read the paper and find out. :)

            Thanks for pointing this out. I noticed the same thing but came to a very different conclusion.

      2. 1
        tedchs avatar tedchs 1 year ago | link

        Article says this attack is mitigated by “relying on memory with error-correcting codes”. Are there cloud hosts, or even “private cloud” deployments that are not using ECC memory?

        1. -1
          meskarune avatar meskarune 1 year ago | link

          “New butt attack takes full control of virtual machines with little effort”, just thought I’d share the lol.