[derpmaster]

The cult of the cloud is great business for me since I specialize in finding VMM and KVM bugs.

Since corporations want to cheap out and host their previously secure physical boxes all on one server with a wide open console and management system to get into this has made pentesting much easier.

I especially like projects like Whonnix, where fools construct this complex layer of virtual machines on top of virtual machines. It's like taking the shit sandwich of blobs and bugs that is x64 architecture and ethernet drivers, and building a whole mountain of shit right on top then calling it secure.

The cloud definitely has some benefits, but if you're handling finance or require serious privacy better shell out for some OpenBSD racks, virtualize the routing table and set up pf firewalls to isolate the network with real actual isolation and not pretend magic isolation. Best of all there's just one operating system, not three of them piled on top of each other.

[openbsd_bitwise]

derpmaster....working on delivering a cloud infrastructure (VMware 5.0)leveraging OpenBSD-based security appliances (GeNUA)for the security perimeter. Would appreciate any insights on securing cloud infrastructure with OpenBSD. Do you have a website and do you offer any services with respect to cloud infrastructure penetration/security design/security testing?

Would be interested in VMM bugs with respect to VMware.

Thanks.

Ron (ron.szpak@gmail.com)