Xen Vulnerability Allows Hackers To Escape Qubes OS VM And Own the Host

Slashdot reader Noryungi writes: Qubes OS certainly has an intriguing approach to security, but a newly discovered Xen vulnerability allows a hacker to escape a VM and own the host. If you are running Qubes, make sure you update the dom0 operating system to the latest version.
"A malicious, paravirtualized guest administrator can raise their system privileges to that of the host on unpatched installations," according to an article in IT News, which quotes Xen as saying "The bits considered safe were too broad, and not actually safe." IT News is also reporting that Qubes will move to full hardware memory virtualization in its next 4.0 release. Xen's hypervisor "is used by cloud giants Amazon Web Services, IBM and Rackspace," according to the article, which quotes a Qubes security researcher who asks the age-old question. "Has Xen been written by competent developers? How many more bugs of this caliber are we going to witness in the future?"

well, shitlord...

which quotes a Qubes security researcher who asks the age-old question. "Has Xen been written by competent developers? How many more bugs of this caliber are we going to witness in the future?"

Well, "Qubes security researcher", which platform did you choose for your project, and did you audit it fully before making your releases? No?

Which raises the age-old question: Has Qubes been written by competent developers?

Re: Computer security is really, really hard

[Dog-Cow]

While you're at it, build your own fucking universe where everything is secure from the subatomic particle on up. If you don't your task is impossible. The end.

Re:Computer security is really, really hard

[Time_Ngler]

No, you're wrong. All programs have to run on hardware, which can't be proven to run the way its supposed to. Full stop.