Oh, You’re Clouded?

by Karl Denninger Market-Ticker.org

Well now isn’t that special….

“This vulnerability, identified as CVE-2022-40982, enables a user to access and steal data from other users who share the same computer. For instance, a malicious app obtained from an app store could use the Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages. Similarly, in cloud computing environments, a malicious customer could exploit the Downfall vulnerability to steal data and credentials from other customers who share the same cloud computer.”

As I’ve pointed out before when you’re in a “cloud” environment you not only trust yourself.

You also trust both the owner of the hypervisor (the cloud operator) to not steal data via the hypervisor but you also must trust that the manufacturer didn’t screw the pooch and incidentally the same things that make a CPU very fast switching contexts have a risk of allowing same to expose your data when the switch takes place by inference if not directly.

Continue Reading at Market-Ticker.org…