VMware has confirmed that software posted online is part of the source code for its ESX hypervisor and has warned that more code could be released. The code was posted by a hacker calling himself Hardcore Charlie and may come from military contractor China National Import & Export Corp (CEIEC), which he claimed to have …
I can only hope that the theft & leak of the code will enable someone to create an more polished version of the pigs ear that is the vSphere client.
Anon because for me, virtualisation is where the beer tokens come from.
s/an m/a m/
But surely there is a copyright notice at the top?
So no-one can make use of it, right?
Re: No problem?
Of course... and a year from now when an obscure Chinese software comes out with their own "new" hypervisor I'm sure they will at least have removed the "Copyright VmWare All Rights Reserved" ; )
"The CEIEC has denied that its servers were breached."
Well of course they would. The Chinese servers dont get hacked, the Chinese only hack other countries servers.
Re: "The CEIEC has denied that its servers were breached."
If the source being released contains highly confidential and proprietary codes, I'm surprised they were accessing from the net at all.
More likely, a yellow skinned man walked right up to the head developer's desk and took out the master code and walked out at 3am in the morning.
Syndicate. It's becoming reality.
Surely the publication of the VMware source code will mean that security researchers are more likely to find the holes, report them to VMware, and get them patched?
Re: Less secure??
Depends whos faster off the mark, my bets on the crooks.
Re: Less secure??
yep... cos that's how it works....
Yes, A Securities Problem
I guess they fear their stock price will tank when the steaming pile of commercialware code is show the light.
Cheaper virtualisation inbound.
There are already Xen, KVM and some more open source VMs.
Re: Why ?
Yawn ... bored now ...
Old code if it dates back to 2003. Nothing exciting to see here.
An excerpt of the stolen code
Since when does "code" look like a directory listing?
What kind of new fangled language is this?
Re: An excerpt of the stolen code
at a guess, because its the source code build files (not a coder, excuse my terminology) in the screenshot and not the actual line by line code itself.
regardless, according to the article its ESX which is based on *shhh dont tell anyone* redhat linux.
ESXi is the significantly better and more recent hypervisor from vmware which pretty much eliminates all the attack vectors exposed in the previous ESX/redhat OS.
everyone has upgraded their infrastructure to ESXi by now, havent they? ;-)