'AES in a number popular cryptographic libraries including OpenSSL,
PolarSSL and Libgcrypt are vulnerable to Bernstein’s correlation attack
when run in Xen and VMware virtual machines, the most popular VMs used
by cloud service providers.'
Abstract: http://eprint.iacr.org/2014/248
Paper: http://eprint.iacr.org/2014/248.pdf
So in a nutshell, if you want to steal a website's private keys, you can
get an account on their hosting provider and at least have a shot at
getting on the same physical server ;-)
~Griffin
