Overclockers Australia Forums

Old 26th April 2012, 8:26 AM   #1
elvis Thread Starter
(Taking a Break)
 
Join Date: Jun 2001
Location: Brisbane
Posts: 22,701
VMware confirms ESX source code had been stolen and published

http://www.theregister.co.uk/2012/04...rce_code_leak/

VMware confirm source code was stolen and released, and it's likely more will be released. They're also downplaying the security risk to customers.

This is the second large-scale, embarrassing security breach for an EMC company (see the RSA random seed breach last year).
Old 26th April 2012, 9:46 AM   #2
Swathe
Member
 
Join Date: Mar 2007
Location: Rockhampton
Posts: 2,439

Just saw this on Slashdot. To say this is a major fail is an understatement.
__________________
People reckon I'm too patronising (That means I treat them as if they're stupid).
Over $10k in trades
http://www.gentoo.org/
OCAU MetaL Club Member #207
Old 26th April 2012, 10:03 AM   #3
joe_sixpack
Member
 
Join Date: Jan 2002
Location: Logan City, QLD
Posts: 2,835

My first thought is what version of the code has been taken. Do you guys remember the Windows 2000 code release? It was only part of the full code base and not much, if anything(?), ever happened with it.

If it is an older version, I'm sure there are huge amounts of shared code between old releases and the current ESX 5. What are we looking at here, backdoors to guest file systems, direct access to memory? I guess time will tell with this one.
__________________
"I don't stop eating when I'm full.. The meal isn't over when I'm full... The meal is over when I hate myself" - Louis CK.
Old 26th April 2012, 10:20 AM   #4
elvis Thread Starter
(Taking a Break)
 
Join Date: Jun 2001
Location: Brisbane
Posts: 22,701

If the source code is reviewed well enough internally, then there should be little to worry about. After all, Xen and KVM both have their source code out in the wild by design, and nobody is mass exploiting those.

Speaking for myself, the bigger worry is that this is the second successful targeted attack on an EMC company in a relatively short amount of time. My opinion of EMC and sub-companies was pretty low to begin with, and this isn't helping their reputation.
Old 26th April 2012, 11:01 AM   #5
joe_sixpack
Member
 
Join Date: Jan 2002
Location: Logan City, QLD
Posts: 2,835

I think I'd be concerned about their hosting/management tools, like vDirector/vCenter, being exploited and rogues having the ability to do funky things to your infrastructure.
__________________
"I don't stop eating when I'm full.. The meal isn't over when I'm full... The meal is over when I hate myself" - Louis CK.
Old 26th April 2012, 12:08 PM   #6
ewok85
Member
 
Join Date: Jul 2002
Location: Tokyo, Japan
Posts: 7,953

ESX goes open source?

These sorts of leaks are usually fun as people pick over the leak and highlight the crazy coding decisions and all the fantastic comments.
__________________
半ばは自己の幸せを、半ばは他人の幸せを
http://www.leonjp.com - Rants and info about living in Japan
http://forums.expatjapan.net - The Expat Japan Network!
Old 26th April 2012, 3:44 PM   #7
Primüs
Member
 
Join Date: Oct 2005
Location: Coffs Harbour, NSW
Posts: 2,898

Quote:
Originally Posted by ewok85
ESX goes open source?

These sorts of leaks are usually fun as people pick over the leak and highlight the crazy coding decisions and all the fantastic comments.
This. When they think no one but internal developers will ever see what they are writing, then you get some weird shit. Once discovered a full back-and-forth convo on best practice on the positioning of the open code block ({), with each check-in changing it to the developer's preference haha.

That place had a company-wide standard by the time I started though, this was just an old one I found :P
__________________
I has blog!
Old 26th April 2012, 4:59 PM   #8
ewok85
Member
 
Join Date: Jul 2002
Location: Tokyo, Japan
Posts: 7,953

I still remember the Windows 2000 source leak which was full of swearing and hilarious comments like "change this and I will kill you", and "this is $%&*ing ugly"
__________________
半ばは自己の幸せを、半ばは他人の幸せを
http://www.leonjp.com - Rants and info about living in Japan
http://forums.expatjapan.net - The Expat Japan Network!
Old 26th April 2012, 5:02 PM   #9
elvis Thread Starter
(Taking a Break)
 
Join Date: Jun 2001
Location: Brisbane
Posts: 22,701

Quote:
Originally Posted by ewok85
I still remember the Windows 2000 source leak which was full of swearing and hilarious comments like "change this and I will kill you", and "this is $%&*ing ugly"
The beauty of open source is that all the swearing is publicly available:

http://www.vidarholen.net/contents/wordcount/

All times are GMT +10. The time now is 9:24 AM.

