Wednesday, April 25, 2012

VMware Source Code Leaks

betanews - VMware source code leak: 'IT equivalent of the Deepwater Horizon oil spill'

"VMware has confirmed that a portion of the source code for its ESX hypervisor was compromised, although the code dates back as early as 2003. That said, a fairly significant portion of the company's customers are still using the platform as VMware works to push them towards its newer hypervisor called ESXi.

A hypervisor in the simplest terms is a virtual machine management platform on which several virtual machines can run concurrently. The hypervisor controls the sharing of virtualized hardware resources. ESXi has a far smaller attack surface, which limits the available avenues of attack on an installation.

The code was posted to Pastebin by a LulzSec-related hacker who goes by the handle "Hardcore Charlie" on April 8. ...

...

Paul Roberts, blogger with Kaspersky Lab's ThreatPost, calls the breach the "IT equivalent of the Deepwater Horizon oil spill disaster", pointing to the fact that VMware itself cannot rule out that its own source code repository may have been hacked.

Roberts is not referring only to the VMware code, but a chunk of other sensitive data that has "bubbled up" from the CEIEC breach ..."

In a word... ouch...
