Subverting Xen Hypervisor – Is Amazon EC2 really safe?

Well, folks at Google Cloud Group are discussing the Xen Hypervisor vulnerability and exploitpresented Part 1, Part 2, Part 3 at Black Hat conference in Vegas. Amazon EC2 infrastructure uses Xen at the backend for providing virtual instances. So is EC2 vulnerable?

As Cloudscale founder Randy Bias mentions, the dom0 is not accessible outside Amazon, this exploit may not really be a problem, unless of course there is some misconfiguration or somehow dom0 is accessible to someone outside Amazon.

What is Amazon being used for as of today – when we don’t have persistance in an instance – for one – those are compute and processing tasks, typically run on multiple instances and are capable of surviving or resuming after a few instance or node failures. There are others – the web 2.0 folks and they might have issues – if they have a few instances supporting their web 2.0 products and hosted infrastrucutre and this hack causes their instances to go down – they lose business. But then at this stage, chances of this vulnerability getting exploited are about the same as Amazon EC2 or S3 going down due it its own teething problems and I think users are aware of those and prepared for them as well.