[vox] What Amazon doesn't tell you

Bill Broadley bill at broadley.org
Mon Feb 22 22:50:05 PST 2010


Brian Lavender wrote:
> What Amazon doesn't tell you is the security of the hypervisor. If
> anything, I would think that their infrastructure should be open to
> audit to verify that it is secure.

Why?  Does ebay?  Gmail?  Your ISP?  Paypal?  Etrade?  Other VPS providers?

> I have not seen any mention of this.
> They quietly step around this.

Standard operating procedure.

> If someone jacks up the hypervisor, they can walk through your pages in
> memory, get your password hashes, run jack the ripper and well... the
> rest is history.

Yes, guest security requires host security.  Certainly I'd recommend public
keys over password hashes.   If someone can use jack the ripper and produce
useful passwords you're doing something wrong.

> Correct me if I am mistaken.

You're right, I just don't think it's a surprise or a secret.  As always if you
don't trust anyone else you have to do it yourself, of course that means
running your own network, physical space, servers, DNS, etc.

