VMware confirms source code hack
VMware has admitted that source code for its ESX virtualisation software had been posted online, although details about the hack remain scarce.
The company admitted that a posting to the online forum Pastebin, claimed by a hacker, was genuine, but played down the potential security dangers of the hack.
“Our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future,” said Iain Mulholland, director of VMware’s Security Response Center, adding that the posted code and associated notes dated to 2003 and 2004.
“The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers,” he said. “We will continue to provide updates to the VMware community if and when additional information is available.”
The attack has been claimed by a hacker calling himself “Hardcore Charlie”, who says he has 300MB of VMware code plus code from other companies. Whether or not that’s true remains to be seen, with speculation linking it to an earlier attack on a Chinese agency.
“The release of source code and developer commentary is the latest in an odd string of document leaks that are tied back to attacks on CEIEC, the China Electronics Import and Export Corporation in March,” said security company Kaspersky in its Threatpost News Service.
“That breach is linked to a compromise of web-based email accounts.”