Attack of the week: Cross-VM timing attacks

It may be because I'm cranky this evening but I found the author's sarcastic quips really fun to read.<p>On the content itself, it sounds like if you're not targeting a specific service, you could code this up and launch a few hundred c1.xlarge spot instances (larger instances =&#62; fewer neighbors) and just collect keys. Or am I totally underestimating the amount of manual work required post-processing?

Does anyone know if Amazon ec2 instances would actually be vulnerable to this attack? For instances with dedicated cpu being promised (i.e. everything except micro), it seems reasonable that they'd be running Xen with processor affinity turned on, thereby preventing any attack exploiting L1 cache.

Amazingly cool, and nice writing. I tried to check out the paper linked at the bottom re. collocating an instance with a target VM but it's slow for me. Anyone know what the paper is?<p>What I'm curious about is if it would be possible to use a network of participating VMs on a public cloud to pass around messages untraceably from one party to another. Should certainly be easier to execute than the attack scenario they studied.

Website cannot be resized in a mobile browser.