VMware source code stolen by hacker, published online

[Leeky]

VMware just became the latest victim of hackers, with the firm acknowledging a breach that resulted in source code for their ESX virtualization products being stolen and posted online. The attack is reportedly the work of a hacker known as Hardcore Charlie, who claims to have around 300MB of source code which VMware says dates back to 2003 and 2004.

The virtualization software house first became aware of the breach on April 23, after the posting on Pastebin of a single file pertaining to their VMware ESX source code. The company has warned that future public postings of source code are possible but insists there is little risk to those using their virtualization suite.

"The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers," Iain Mulholland, director of VMware's Security Response Center said in a statement. "VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today."

"We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available," Mulholland continued.

Speculation currently suggests that the source of the leak is a Chinese import-export company, the China National Electronics Import-Export Corporation (CEIEC), who suffered at the hands of hackers in March. At the time, it was reported that a potential 1 terabyte of data was stolen, according to the Guardian.

Hardcore Charlie confirmed in IRC conversations with Kaspersky that the stolen data can be traced back to the breach of Sina.com server resulting in thousands of email accounts being compromised. He went on to say that he enlisted the help of another hacker, @YamaTough to crack the cryptographic hashes securing the Sina data. Access to CEIEC was later found in emails once decrypted.

Kaspersky also later confirmed "what appear to be internal VMware communications, pasted onto CEIEC letterhead and with official looking stamps," which Mulholland speculated "were manually added into the company's source code repository to provide context for developers."

Permalink to story.

https://www.techspot.com/news/48365-vmware-source-code-stolen-by-hacker-published-online.html

 

[Guest]

And boom goes the dynamite?

 

[Guest]

Why Kaspersky won't say anything about Mac security now? Which version of Windows was hacked this time, in spite of one-week hole-filling updates?

 

[Guest]

"Why Kaspersky won't say anything about Mac security now? Which version of Windows was hacked this time, in spite of one-week hole-filling updates?"

Wow... jumping the boat already. There could be many things that could have happened and yet you already jumped the guy trying to defend Mac when this have nothing to do with it. There could be many reasons why the code was obtained. Hell, their code repository could be on a Linux server and that was hacked. Or perhaps one of the programmers who runs a Mac or Windows and lost their computer which have their password and other information that's needed to get access to the code? Who knows they could even have lost their computers and that have all the code on it and the news spin it as "VMWare was hacked!"

 

[carlwh123]

haha anything at all could happen and I imagine that guy would post "it's Windows to blame, Apple is awesome!!"