VMware confirms ESX source code had been stolen and published

Discussion in 'Business & Enterprise Computing' started by elvis, Apr 26, 2012.

  1. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    30,836
    Location:
    Brisbane
    http://www.theregister.co.uk/2012/04/25/vmware_source_code_leak/

    VMware confirm source code was stolen and released, and it's likely more will be released. They're also downplaying the security risk to customers.

    This is the second large-scale, embarrassing security breach for an EMC company (see the RSA random seed breach last year).
     
  2. Swathe

    Swathe (Banned or Deleted)

    Joined:
    Mar 23, 2007
    Messages:
    2,512
    Location:
    Rockhampton
    Just saw this on Slashdot. To say this is a major fail is an understatement.
     
  3. joe_sixpack

    joe_sixpack Member

    Joined:
    Jan 21, 2002
    Messages:
    2,850
    Location:
    Brisbane
    My first thought is what version of the code has been taken. Do you guys remember the Windows 2000 code release? It was only part of the full code base and not much, if anything(?), ever happened with it.

    If it is an older version, I'm sure there are huge amounts of shared code between old releases and the current ESX 5. What are we looking at here: backdoors to guest file systems, direct access to memory? I guess time will tell with this one... :Paranoid:
     
  4. elvis (OP)

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    30,836
    Location:
    Brisbane
    If the source code is reviewed well enough internally, then there should be little to worry about. After all, Xen and KVM both have their source code out in the wild by design, and nobody is mass exploiting those.

    Speaking for myself, the bigger worry is that this is the second successful targeted attack on an EMC company in a relatively short amount of time. My opinion of EMC and sub-companies was pretty low to begin with, and this isn't helping their reputation.
     
  5. joe_sixpack

    joe_sixpack Member

    Joined:
    Jan 21, 2002
    Messages:
    2,850
    Location:
    Brisbane
    I think I'd be concerned about their hosting/management tools, like vDirector/vCenter, being exploited and rogues having the ability to do funky things to your infrastructure.
     
  6. ewok85

    ewok85 Member

    Joined:
    Jul 4, 2002
    Messages:
    8,074
    Location:
    Tokyo, Japan
    ESX goes open source? :lol:

    These sorts of leaks are usually fun as people pick over the leak and highlight the crazy coding decisions and all the fantastic comments.
     
  7. Primüs

    Primüs Member

    Joined:
    Apr 1, 2003
    Messages:
    3,321
    Location:
    CFS
    This, when they think no one but internal developers will ever see what they are writing, then you get some weird shit. Once discovered a full back and forth convo on best practice on the positioning of the open code block ({), with each check-in changing it to the developer's preference haha.

    That place had a company-wide standard by the time I started though, this was just an old one I found :p
     
  8. ewok85

    ewok85 Member

    Joined:
    Jul 4, 2002
    Messages:
    8,074
    Location:
    Tokyo, Japan
    I still remember the Windows 2000 source leak which was full of swearing and hilarious comments like "change this and I will kill you", and "this is $%&*ing ugly"
     
  9. elvis (OP)

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    30,836
    Location:
    Brisbane
    The beauty of open source is that all the swearing is publicly available:

    http://www.vidarholen.net/contents/wordcount/

    :lol:
     
