
Re: [Publicity] More XSA 108 Coverage



FYI, some more XSA-108 from late Friday and over the weekend.

The Xen bug is both a good example of collective security and a warning of what can happen as IT shifts toward a greater reliance on cloud computing. The bug was discovered and interested parties notified before the full nature of the exploit was disclosed. Collective security action followed, apparently (at this early date) in time before any malicious code writers could act on the disclosure.

At the same time, the bug illustrates the cloud's dependence on one hypervisor or another and how a major hypervisor bug will affect more than one supplier. The growing, more uniform nature of x86 cloud environments represents a fatter target for highly skilled intruders to aim for, and a richer environment for manipulation if they succeed at getting inside.

http://www.theinquirer.net/inquirer/news/2373890/xen-reveals-serious-security-bug-that-affected-cloud-servers

Responsible vulnerability disclosure is an ongoing matter of debate in the technology community. Google announced a wave of reforms to its Chrome Bug Bounty Programme's submission policy on 1 October designed to make it easier for hunters

http://www.usnews.com/news/articles/2014/10/02/will-cloud-security-kill-the-password

Article mostly about iCloud server security breach, weak passwords. Xen Project listed as another cloud security example.

The latest security gap in a cloud-computing system was announced Thursday by the Xen Project software group, which has released a patch to repair a flaw in its platform that could affect cloud services offered by Amazon and Rackspace.


On Fri, Oct 3, 2014 at 4:14 PM, Sarah Conway <sconway@xxxxxxxxxxxxxxxxxxx> wrote:
Hi everyone.

In addition to eWeek, WSJ and ITNews, here is more coverage appearing since the advisory and blogs were issued this week.

Thanks,

Are Google's even lower prices -- and not using Xen -- tantalizing enough to switch to its services? Are the costs low enough to warrant a migration? Do you use Google Apps for Work, or Education? Let us know in the comments.

Serious hypervisor bug fix causes unexpected cloud downtime
http://threatpost.com/serious-hypervisor-bug-fix-causes-unexpected-cloud-downtime/108660

(reporter we "talked" to on Twitter)

CoreOS commentary on XSA-108

The Shellshock vulnerability and the even more recent Xen hypervisor vulnerability remind us of an important fact of enterprise IT: server OS patching is hard

CoreOS is trying to simplify OS patching. According to CoreOS CEO Alex Polvi, who was a guest on a recent Cloudcast podcast, CoreOS can solve patching headaches. The long-term value proposition of the CoreOS primary product of the same name is to bring Google Chrome-like updates to server updates.



--
Sarah Conway
PR Manager
The Linux Foundation
sconway@xxxxxxxxxxxxxxxxxxx
(978) 578-5300 Cell
Skype: sarah.k.conway


