SD TIMES BLOG

No one seems to know who, where or how. But this security update from VMware sure makes it sound like what we've all feared is true: Hypervisors can be compromised from the code they run in their bellies. Joanna Rutkowska gave a talk back in 2006 at Black Hat about her Red Pill and Blue Pill. I'm not covering super-duper cutting-edge security much, outside of the development side, these days. But this patch from VMware did catch my eye because I hadn't yet heard of any host compromising exploits for hypervisors in the wild. I could easily not be "with it," but right now, it looks like the cool kids in the know are out there. Beware! 

As if it's a surprise that these virtualization exploits were still being researched by the bad guys. I think the frightening thing here is that, somewhere, someone had code, and now VMware is aware of it. That's scary. I'd rather know that VMware figured it out themselves. Or that Rutkowska or her cohorts had contributed some new information. Either way, watch your VMs. They may be watching you!

Clarification: The security hole here works like this: I run Windows in a VM on my Linux desktop. I run some horribly trojan-ridden Windows program with the exploit in question inside of it. This exploit, when run inside of a virtual machine, leaps up and compromises the hypervisor, likely through an overflow of some known type. The compromised hypervisor is then a slave to run what-have-you. Local priv escalations could be fired up to the Linux OS. As I understand it, the Red Pill is this type of attack. Beware of pulling apart malware in non-updated copies of Fusion, researchers.

The Blue Pill, on the other hand, is a hypervisor-as-trojan. You run something, it installs virtualization software. Upon reboot, your desktop OS is launched seamlessly as a guest operating system inside of a trojan (invisible to the user) hypervisor. This patch has little to do with the blue pill. The question with the blue pill becomes, "How do I tell if I am running inside a hypervisor?" How do you know when the nightmare is over?

Hope I got the colors right. I wouldn't want to wake up inside the rabbit hole. 

Comments

Add comment


 
 

biuquote
  • Comment




 
 
News on Monday
more>>
SharePoint Tech Report
more>>


   

 
 

Download Current Issue
FEBRUARY 2012 PDF ISSUE

Need Back Issues?
DOWNLOAD HERE

Want to subscribe?


 
blogs tab
Are you at risk for burnout?
Burnout is a severe problem and it can strike at any time. Here's how to tell if you are nearing the edge.
02/09/2012 02:16 PM EST

Agility, mom, and apple pie
If we're to evaluate the state-of-the-art in software development, we should start with the values espoused in the Agile Manifesto.
02/07/2012 11:57 AM EST

RIM woos developers with free tablet
How do you get more apps ported to the BlackBerry PlayBook? By giving every developer a free tablet, of course!
02/04/2012 01:57 PM EST

GitHire: Use Headhunters to Find Your Perfect Programmer
Are you a hiring manager tired of scouring the job boards? Check out this new service that will find 5 people interested in your jobs.
02/03/2012 12:17 PM EST

Facebook claims hacker cred
Facebook's SEC S-1 filing form includes a short essay on the Hacker Way by Mark Zuckerberg himself.
02/02/2012 08:26 AM EST

Ryan Dahl steps down
Ryan Dahl, creator of Node.js, steps back from his position as gatekeeper for the project.
02/01/2012 04:58 PM EST

 
Events calendar tab
2/13/2012 to 2/16/2012
Santa Clara
TechWeb

2/26/2012 to 2/29/2012
San Francisco
BZ Media

2/27/2012 to 3/2/2012
San Francisco
RSA

3/4/2012 to 3/7/2012
Las Vegas
IBM Tivoli

3/5/2012 to 3/9/2012
San Francisco
TechWeb