undefined | Better HN

0 pointsoh-kumudo8y ago0 comments

> The infrastructure that runs Compute Engine and isolates customer workloads from each other is protected against known attacks. This also means that customer VMs are protected against known, infrastructure-based attacks from other malicious VMs.

Doesn't Google say that they are protected...?

0 comments

thesandlord8y ago

This means that Customer A's VM cannot attack Customer B's VM.

However, if the OS inside the VM is unpatched, then code inside the VM can attack other code inside the VM. If for example you install some malware on your VM, it could use this attack.

(I am not a security expert, this is just my understanding and not a official Google statement)

oh-kumudoOP8y ago

Right. But it means that once the VM is fixed, assuming the customer does this, they are guarded from such attack right?

rurban8y ago

Not against Spectre, which can extract any memory via javascript or user applications. Eg your secret keys or passwords

1 more reply

j / k navigate · click thread line to collapse