Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.Virtual machines are in used in many scenarios to create throw-away environments that pose no threat to the main operating system in case of compromise. For example, many malware researchers execute malicious code or visit compromise websites inside virtual machines to observe their behavior and contain their impact.One of the main goals of hypervisors like VMware Workstation is to create a barrier between the guest operating system that runs inside the virtual machine and the host OS where the hypervisor runs. That's why VM escape exploits are highly prized, more so than browser or OS exploits.This year, the organizers of Pwn2Own, an annual hacking contest that runs during the CanSecWest conference in Vancouver, Canada, offered a prize of US$100,000 for breaking the isolation layer … [Read more...] about Pwn2Own hacking contest ends with two virtual machine escapes
Os virtual machine
If you want to stop someone from driving a car, you can take away the keys. Quick, easy and effective. Alternatively, removing the wheels and engine will work, too.A container is an OS extension that takes away keys, leaving the OS intact. A virtual machine (VM) reworks the architecture, separating the car from the wheels and engine. Taking the keys is easy, but the driver might have spares, and a car can be hot-wired in about a billion ways. Removing the wheels and engine is a lot of trouble, but the car won’t move without them. And when you mount snow tires, that removable wheel architecture is handy.Time-sharing computersContainers and VMs go back to the beginning of time-sharing, an outstanding advance in mid-twentieth century computing. A single time-sharing computer supports multiple users running multiple tasks at the same time. Each user thinks they control the entire machine.But time-sharing users must be protected from each other. A user’s broken code can bring … [Read more...] about Containers and virtual machines: Which is best for you?
Create Virtual Machines in Linux Using KVM – Part 1 This tutorial discusses KVM introduction, deployment and how to use it to create virtual machines under RedHat based-distributions such as RHEL/CentOS7 and Fedora 21. What is KVM? KVM or (Kernel-based Virtual Machine) is a full virtualization solution for Linux on Intel 64 and AMD 64 hardware that is included in the mainline Linux kernel since 2.6.20 and is stable and fast for most workloads. KVM Feautres There are many useful features and advantages which you will gain when you use KVM to deploy your virtual platform. KVM hypervisor supports following features: Over-committing : Which means allocating more virtualized CPUs or memory than the available resources on the system. Thin provisioning : Which allows the allocation of flexible storage and optimizes the available space for every guest virtual machine. Disk I/O throttling : Provides the ability to set a limit on disk I/O requests sent from virtual machines to the host … [Read more...] about How to Create Virtual Machines in Linux Using KVM (Kernel-based Virtual Machine)
VMware has released critical security patches for vulnerabilities demonstrated during the recent Pwn2Own hacking contest that could be exploited to escape from the isolation of virtual machines.The patches fix four vulnerabilities that affect VMware ESXi, VMware Workstation Pro and Player and VMware Fusion.Two of the vulnerabilities, tracked as CVE-2017-4902 and CVE-2017-4903 in the Common Vulnerabilities and Exposures database, were exploited by a team from Chinese internet security firm Qihoo 360 as part of an attack demonstrated two weeks ago at Pwn2Own.The team's exploit chain started with a compromise of Microsoft Edge, moved to the Windows kernel, and then exploited the two flaws to escape from a virtual machine and execute code on the host operating system. The researchers were awarded $105,000 for their feat.Pwn2Own is an annual hacking contest organized by Trend Micro's Zero Day Initiative (ZDI) program that runs during the CanSecWest conference in Vancouver, Canada. … [Read more...] about VMware patches critical virtual machine escape flaws
Continuing to move forward with the XenServer series, this article will approach the creation of the actual guests themselves (often called virtual machines). Update: In May 2016, Citrix released the new version of the XenServer 7 platform. For installation follow: Fresh Installation of XenServer 7. Create and Install Guest Virtual Machines in XenServer This article will assume all the previous articles covering networking, patching, and storage have been completed. Thankfully, no more new terminology really needs to be discussed and the creation of the guests can begin! System Review At this point, a lot has been configured on this XenServer host. This will serve as a quick review about what has been configured and which article the topic was discussed. XenServer 6.5 was installed to the server https://www.tecmint.com/citrix-xenserver-installation-and-network-configuration-in-linux/ All XenServer 6.5 patches have been applied … [Read more...] about How to Create and Install Guest Virtual Machines in XenServer