[Dshield] The race to the bottom - Virtualizing all your servers -security measure or not?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Aug 31 04:07:14 GMT 2006


On Wed, 30 Aug 2006 13:36:13 PDT, Linda Ruiz said:
> Hello Don,
> If my host server is not using AMD CPUs, but uses Intel XEONs on brand name hardware, 
> does that mean that the nasty has less of an advantage?  I may misunderstand,
> but if AMD SVM extensions are not available, then they can't be used against
> my hosting server, right?  Or do AMD SVM extensions provide more protection? 

The "blue pill" attack appears to be AMD-specific.  However, there is *no*
reason to believe that similar issues won't be found in the Xeon chipsets.
Given the way most chipsets haven't been designed with virtualization
in mind, there's good reason to believe things *will* be found.  The
IBM S/370 architecture, which incorporated a lot of things learned in S/360
and the CP/67, was designed to be virtualizable (although by design, it was
possible to discover you were in a VM - you just couldn't *do* anythin about
escaping).  Most architectures since then have *not* had "virtualizable" as
a design goal.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.dshield.org/pipermail/list/attachments/20060831/abb1f7e2/attachment.bin 


More information about the list mailing list