Feeds

More VMware secret source splattered across internet

Rudely exposed 'visor kernel dates from 2004

Remote control for virtualized desktops

VMware has confirmed that the source code for old versions of its ESX technology was leaked by hackers over the weekend - but played down the significance of the spill.

The virtualisation giant said on Sunday that the exposed portions of its hypervisor date back to 2004, and the leak follows the disclosure of VMware source code in April.

"It is possible that more related files will be posted in the future," Iain Mulholland, VMware's director of platform security, explained. "We take customer security seriously and have engaged our VMware Security Response Center to thoroughly investigate."

Mulholland said customers who apply the latest product updates and patches, in addition to following system hardening guidelines, ought to be protected against attacks developed in the wake of the code leak.

"By applying the combination of the most current product updates and the relevant security patches, we believe our customer environments will be best protected," he said.

A 2MB compressed archive of the software blueprints was uploaded into file-sharing networks and promoted by various tweeters on Sunday. Some of these tweets, posted with the hashtags #Anonymous #AntiSec and #SourcySleazySundays, claimed that the leaked code was the "full VMware ESX Server Kernel".

A person going by the name of Stun, who made the source code available, wrote: "It is the VMKernel from between 1998 and 2004, but as we all know, kernels don't change that much in programs, they get extended or adapted but some core functionality still stays the same."

The previous VMWare source code leak was accompanied by the publication of the company's internal emails via Pastebin by someone called Hardcore Charlie. The Anonymous-affiliated hacker claimed the information came from China National Electronics Import and Export (CEIEC), an engineering and electronics company outfit.

VMware said at the time that customers were not necessarily at greater risk as as result of the leak.

Hacktivists, to say nothing of state-sponsored cyber-espionage, have increased the threat of intellectual property theft for high-tech firms. The VMWare case is not unprecedented.

Earlier this year Symantec admitted source code for the 2006-era versions of the following products had been exposed: Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere. The security biz took the highly unusual step of advising customers of pcAnywhere to suspend use of the older versions of remote control desktop management software pending the release of a patch, which arrived within days of the warning.

An Indian hacktivist crew called the Lords of Dharmaraja claimed they lifted Symantec's source code from systems belonging to the Indian government.

Leaked versions of source code for older versions of Kaspersky Lab's security software appeared on file-sharing networks in January 2011. The Russian security firm blamed a rogue former employee for the leak. ®

Intelligent flash storage arrays

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.