I was thinking that if all the installations were basically the same image (a default install that could then be configured by the account holders) it would be possible to discover a vulnerability with this distribution that could be exploited en masse. Crack one system, then run your exploit against all the other virtual systems running on that mainframe. See what I mean now? Now the attacker "has" all those systems---not the same thing as owning the mainframe but still a pretty big chunk of systems to have in your back pocket.
If you were installing some kind of distributed attack bot (or whatever, what do I know?) this might be particularly effective... and potentially annoying/damaging for both account holders, their clients, and sites which may get attacked from this large group of compromised systems. Easy enough to fix though (if the systems were configured well they could all be upgraded easily, etc).
Inshiro, if you are reading, I would be interested (as always) to hear what you think about this... Especially the damage control techniques which might need to be employed after the fact (we are talking about thousands of virtual systems here, apparently).