Presented at
The Last HOPE (2008),
July 18, 2008, noon
(60 minutes)
Virtualized technologies are being lapped up left, right, and center by corporates committed to the cash savings they promise. Sadly, the savings that can be gleaned are not without the attendant risk. Instead of nice normal networks that people can understand, many vendors are offering networks in a box. As well as being lovely single points of failure, they have a number of risks that remain largely unexplored. Research has already been conducted around platform virtualization technologies such as VMWare, but there still exists a fundamental flaw within virtualized resource technologies that no one seems to have spotted. This talk will illustrate why and how virtualization works, what the difference is between what the vendors say and how it is being implemented in RL, and will discuss a theoretical vulnerability that if it can be exploited can bring down the house of cards.
Presenters:
-
Michael Kemp
Michael Kemp is an experienced UK based security consultant, with a specialism in the penetration testing of web applications and the testing of compiled code bases and DB environments to destruction. As well as the day job, he has been published in a range of journals and magazines, including heise, Network Security, Inform IT, and Security Focus. He is currently preparing his first book length technical manuscript. To date, he has worked for NGS Software, CSC (Computer Sciences Corporation), and a host of freelance clients throughout the globe. Presently, he is working in a day job for UK security consultancy, Orthus Ltd, and planning on touting his shoddy wares via a new start up, which keeps not starting up thanks to life getting in the way. When not breaking things, Michael enjoys loud music, bad movies, weird books, and writing about himself in the third person.
Links:
Similar Presentations: