VMware confirms ESX source code had been stolen and published

[elvis]

http://www.theregister.co.uk/2012/04...rce_code_leak/

VMWare confirm source code was stolen and released, and it's likely more will be released. They're also downplaying the security risk to customers.

This is the second large scale embarrassing security breach for an EMC company (see the RSA random seed breach last year).

[Swathe]

Just saw this on slashdot. To say this is a major fail is an understatement.

[joe_sixpack]

My first thought is what version of the code has been taken.. Do you guys remember the Windows 2000 code release, it was only part of the full code base and not much, if anything(?) ever happened with it?

If it is an older version, I'm sure there are huge amounts of shared code between old releases and the current esx 5. What are we looking at here, backdoors to guest file systems, direct access to memory? I guess time will tell with this one..

[elvis]

If the source code is reviewed well enough internally, then there should be little to worry about. After all, Xen and KVM both have their source code out in the wild by design, and nobody is mass exploiting those.

Speaking for myself, the bigger worry is that this is the second successful targeted attack on an EMC company in a relatively short amount of time. My opinion of EMC and sub-companies was pretty low to begin with, and this isn't helping their reputation.

[joe_sixpack]

I think I'd be concerned around their hosting/management tools, like vDirector/vCenter being exploited and rogues having ability to do funky things to your infrastructure.

[ewok85]

ESX goes open source?

These sorts of leaks are usually fun as people pick over the leak and highlight the crazy coding decisions and all the fantastic comments.

[Primüs]

Quote:

Originally Posted by ewok85

ESX goes open source?

These sorts of leaks are usually fun as people pick over the leak and highlight the crazy coding decisions and all the fantastic comments.

This, when they think no one but internal developers will ever see what they are writing, then you get some weird shit. Once discovered a full back and forth convo on best practise on the positioning of the open code block ({), with each check in changing it to the developers preference haha.

That place had a company wide standard by the time i started though, this was just an old one i found :P

[ewok85]

I still remember the Windows 2000 source leak which was full of swearing and hilarious comments like "change this and I will kill you", and "this is $%&*ing ugly"

[elvis]

Quote:

Originally Posted by ewok85

I still remember the Windows 2000 source leak which was full of swearing and hilarious comments like "change this and I will kill you", and "this is $%&*ing ugly"

The beauty of open source is that all the swearing is publicly available:

http://www.vidarholen.net/contents/wordcount/