Griffin Boyce <[email protected]> writes: >'AES in a number popular cryptographic libraries including OpenSSL, PolarSSL >and Libgcrypt are vulnerable to Bernsteinâs correlation attack when run in >Xen and VMware virtual machines, the most popular VMs used by cloud service >providers.'
That's just another proof of the inverse of Law #1 of the 10 Immutable Laws of Security, "If a bad guy can persuade you to run his program on your computer, itâs not your computer any more". The inverse is the Immutable Law of Cloud Computing Security, "If a bad guy can persuade you to run your program on his computer, itâs not your program any more". Peter.
