Vitualization Flaw in VMWare

Vitualization may not be the be all end all of security

VMware Flaw Shows Virtualized Systems Aren’t Necessarily More Secure, Boston Firm Argues -- Companies rushing to adopt virtualization technology have been eager to spread computing loads across fewer machines and thereby reduce IT costs. But many have also been drawn by the widely held belief that virtualization makes IT systems more secure, by isolating a physical host from the virtualized or “guest” operating systems and applications running on top of it—thereby keeping any security breaches in one from reaching the other. Yet a serious vulnerability in workstation virtualization software made by VMware (NYSE: VMW), discovered by engineers at Boston-based Core Security, shows that under some circumstances the wall between virtual and physical systems may be far thinner than most virtualization customers realize—and that, in the words of Core Security co-founder and CTO Iván Arce, “it’s wrong to think that just by spreading virtualization all over your organization you will be more secure.”