Flip Feng Shui: A new cross-VM exploitation vector (vusec.net)
59 points by Rafert on Aug 10, 2016 | 6 comments


All I can think of when I see the acronym in the article is For Fuck's Sake...

From my understanding, this essentially allows an attacker to compromise specific memory of a victim VM by bit flipping, since the host uses shared memory for both if the contents are the same. This would allow the attacker to then change the contents of the memory to something malicious and the victim VM would not know.

Let me know if I'm wrong; I think this is essentially the attack based on my understanding of the article. I didn't watch the 5 minute OpenSSH video in the article, though.


Essentially yes. But note that it is using a row hammer attack to physically flip the bit in the shared memory. Doing so bypasses the normal copy-on-write shared memory safeguard. https://en.wikipedia.org/wiki/Row_hammer


> We have registered all possible domains that are one bit flip away from ubuntu.com and debian.org. We would like to hand these domains over to the correct authority. Please get in touch if you think you are one.

Aha! https://www.youtube.com/watch?v=lZ8s1JwtNas is a talk about "bitsquatting" along the same lines. I'm sure I've seen a newer talk about it too.

Edit: https://www.youtube.com/watch?v=ZPbyDSvGasw is the other video, which also looks at the behaviour of various clients.


Yep. Artem's web page has more information as well:

http://dinaburg.org/bitsquatting.html
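
For a domain owner who wants to know which names are "one bit flip away" in the sense quoted above, the following added example (not from the thread or the linked article) lists them and checks observed names against that list. The function names and sample names are constructed; it assumes the TLD stays fixed and skips flips that would turn a character into a dot.

```python
import string

LDH = set(string.ascii_lowercase + string.digits + "-")  # legal hostname characters


def _valid_label(label):
    # Labels are 1-63 characters and may not start or end with a hyphen.
    return 0 < len(label) <= 63 and label[0] != "-" and label[-1] != "-"


def bitflip_domains(domain):
    """Sorted names exactly one bit flip away from `domain` (TLD kept fixed)."""
    labels = domain.lower().split(".")
    head, tld = ".".join(labels[:-1]), labels[-1]
    raw = head.encode("ascii")
    found = set()
    for i, byte in enumerate(raw):
        if byte == ord("."):
            continue  # assumption: label boundaries are left alone
        for bit in range(8):
            ch = chr(byte ^ (1 << bit)).lower()  # DNS is case-insensitive
            if ch not in LDH:
                continue  # not a legal hostname character (also drops '.')
            cand = head[:i] + ch + head[i + 1:]
            if cand != head and all(_valid_label(l) for l in cand.split(".")):
                found.add(cand + "." + tld)
    return sorted(found)


def flag_lookalikes(observed, protected):
    """Return (observed_name, protected_name) pairs that differ by one bit."""
    watch = {v: p for p in protected for v in bitflip_domains(p)}
    return [(n, watch[n.lower()]) for n in observed if n.lower() in watch]


if __name__ == "__main__":
    # Constructed sample: names as they might appear in resolver logs.
    seen = ["ubuntu.com", "5buntu.com", "example.org", "debiaf.org"]
    for name, target in flag_lookalikes(seen, ["ubuntu.com", "debian.org"]):
        print(f"{name} is one bit flip away from {target}")
```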


Does anyone know how step #1 works in practice? How can you detect which addresses correspond to the same cells in neighboring rows?


Using something like https://github.com/google/rowhammer-test

tl;dr: You check. Allocate some memory and hammer it. If you detect flips, step 1 is complete.



