Researchers Warn Linux Vendors About Cloud-Memory Hacking Trick

An anonymous Slashdot reader writes: Hacking researchers have uncovered a new attack technique which can alter the memory of virtual machines in the cloud. The team, based at Vrije Universiteit, Amsterdam, introduced the attack, dubbed Flip Feng Shui (FFS)...and explained that hackers could use the technique to crack the keys of secured VMs or install malicious code without it being noticed...

Using FFS, the attacker rents a VM on the same host as their chosen victim. They then write a memory page which they know exists on the vulnerable memory location and let it de-duplicate. The identical pages, with the same information, will merge in order to save capacity and be stored in the same part of memory of the physical computer. This allows the hacker to change information in the general memory of the computer.
The researchers demonstrated two attacks on Debian and Ubuntu systems -- flipping a bit to change a victim's RSA public key, and installing a software package infected with malware by altering a URL used by apt-get. "Debian, Ubuntu and other companies involved in the research were notified before the paper was published, and have all responded to the issue."

Host Your Own. Cloud Experiment Is A Fail.

[zenlessyank]

Looks folks, I know you wanted to save cash for your trips to private islands and jet planes, but sometimes you just have to pony up. Trying to have your shit hosted on a 3rd party platform is foolish. There are more important things than saving a quick buck because you didn't want to buy infrastructure. Welp Too bad.

how does this work

[samantha]

How does the attacker know what memory pages are what in the targets VM space? That seems like quite a trick. Or is Amazon sharing various pages among all machines that are known to the public somehow? I am not a cracker myself so I don't really get how the attacker has this information.