Access "Security threats to virtual environments less theoretical, more practical"
This article is part of the September 2009 issue of 2009 Security Readers' Choice Awards
Jailbreaking a virtual machine has always been sort of a black op. You constantly hear whispers of researchers studying malware samples captured in the wild that can leap from a virtual guest machine to the host. Other researchers, meanwhile, work on exploits for vulnerabilities that would also allow an attacker to escape a virtual machine. These tangible exploits threaten the sanctity of virtualization projects that are so en vogue today with many companies for their server consolidation and power consumption benefits. The volume is getting louder on these exploit tools because every month or so, there are more of them. One of the neatest was outlined in late July at Black Hat 2009 USA. Immunity, an assessment and penetration testing company, provided details on a tool called Cloudburst, developed by senior security researcher Kostya Kortchinsky. Cloudburst, available to users of Immunity's CANVAS testing tool, exploits a bug in the display functions of VMware Workstation 6.5.1 and earlier versions, as well as VMware Player, Server, Fusion, ESXi and ESX [... Access >>>
Premium Content for Free.
2009 Information Security magazine Readers' Choice Awards
For the fourth consecutive year, Information Security readers voted to determine the best security products. A record 1721 voters participated this year, rating products in 17 different categories.
Truth, lies and fiction about encryption
by Adrian Lane, Contributor
Encryption solves some very straight-forward problems but implementation isn't always easy. We'll explain some of the common misperceptions so you'll understand your options.
- 2009 Information Security magazine Readers' Choice Awards
Security threats to virtual environments less theoretical, more practical
The demonstration of a hacking tool at Black Hat that allows attackers to escape from virtual machines to attack their guest OS elevates the seriousness of security threats to virtualization.
- Security threats to virtual environments less theoretical, more practical
Security best practices in hotels
Accountability for Internet security should be placed on users, not service providers such as hotels.
Schneier-Ranum Face-Off: Is Perfect Access Control Possible?
Security experts Bruce Schneier and Marcus Ranum debate whether perfect access control is possible.
What does PCI compliance really mean?
Passing an audit can lull an organization into a false sense of security.
- Security best practices in hotels
More Premium Content Accessible For Free
You can fight compliance or embrace it, but one way or the other, you can’t escape it. Increasingly, smart organizations are not just accepting ...
Antivirus and intrusion prevention aren’t the threat detection stalwarts they used to be. With mobile endpoints and new attack dynamics, enterprises ...
The world in which successful IAM programs must be implemented is increasingly complex, a mix of legacy on-premise IAM infrastructures, cloud-based ...