Use Suggested Security Guidelines and Controlling the Hypervisor
Hoff over at Rational Survivability brings a good point to light (read: duh, but most don't do it): follow the suggested security guidelines. How many times have we followed the step-by-step setup instructions without giving security a second thought? Could it be because the security guidelines are not step-by-step… who knows? If Schneier is right, and security will just become part of it… maybe a good place to start is to integrate the security into the setup and documentation. Even if the vendor doesn't, you should.
An interesting quote on VMware from his post:
Jon Oberheide, a researcher and PhD candidate at the University of Michigan, is releasing a proof-of-concept tool called Xensploit that lets an attacker take over the VM’s hypervisor and applications, and grab sensitive data from the live VMs.
Really? Take over the hypervisor, eh? Hmmmm. That sounds super-serious! Oh, the humanity!
I’ve got to agree…
Tags: Security, Thoughts, VMWare, Hypervisor, Xensploit, Shoutout