yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
Cloud Expo & Virtualization 2009 East
Smarter Business Solutions Through Dynamic Infrastructure
Smarter Insights: How the CIO Becomes a Hero Again
Windows Azure
Why VDI?
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun's Incubation Platform: Helping Startups Serve the Enterprise
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Hacker Leaks VMware ESX Source Code File
Apparently the file was filched off a Chinese web site belonging to the CEIEC by an Anonymous hacker

VMware has confirmed that one of its ESX hypervisor source code files was posted online.

Iain Mulholland, director of VMware's Security Response Center, posted the following event-minimizing message:

"Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.

"The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available."

Apparently the file was filched off a Chinese web site belonging to the China National Electronics Import-Export Corporation (CEIEC) by an Anonymous hacker who goes by the name of Hardcore Charlie who posted it and what looks like internal VMware e-mail on Pastebin on April 8.

Mulholland told Kaspersky's Threatpost the e-mails were probably commentary "that were manually added into the company's source code repository to provide context for developers."

It's unclear how CEIEC came by the code. It's supposed to do systems integration for the Chinese military.

It is also unclear if VMware has called the cops. Depends on how you read their engaging "internal and external resources."

Charlie reportedly got access to CEIEC by hacking into hundreds of thousands of e-mail accounts at the e-mail hosting company, an adventure that has reportedly netted him a terabyte of confidential information from various Chinese companies, including a bunch of US military shipping documents from Afghanistan.

Customer vulnerability depends on what kind of code is out there. The wrong kind could lead to zero-day attacks or worse.

Eric Chiu, president of HyTrust, which secures VMware management stuff, guesses that that single file has little friends. (Charlie claims he downloaded 300MB of VMware code.) Chiu also says that 50% of enterprise data centers are now virtualized and that most of them virtualized by VMware and a lot of them are insecure.

VMware only made its default the somewhat more secure ESXi last year, when the first of the attacks on virtualized environments started happening, and given IT conservatism most VMware environments are probably on old code, which may or may not date to 2003-2004.

ESXi is more secure because of its smaller attack surface, Chiu said, which frankly doesn't sound all that reassuring.

Voltage Security VP Mark Bower said in a statement, "The real pain for the industry in this case is less about counterfeit VMware instances, but the intimate knowledge attackers may now possess of possible vulnerabilities in a critical virtualization tool that is the foundation for many enterprise data centers, clouds, and applications."

See and

About Maureen O'Gara
Maureen O'Gara the most read technology reporter for the past 20 years, is the Cloud Computing and Virtualization News Desk editor of SYS-CON Media. She is the publisher of famous "Billygrams" and the editor-in-chief of "Client/Server News" for more than a decade. One of the most respected technology reporters in the business, Maureen can be reached by email at maureen(at) or paperboy(at), and by phone at 516 759-7025. Twitter: @MaureenOGara

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Latest Cloud Developer Stories
Most DevOps journeys involve several phases of maturity. Research shows that the inflection point where organizations begin to see maximum value is when they implement tight integration deploying their code to their infrastructure. Success at this level is the last barrier to at-...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence Today we can collect lots and...
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileg...
"When you think about the data center today, there's constant evolution, The evolution of the data center and the needs of the consumer of technology change, and they change constantly," stated Matt Kalmenson, VP of Sales, Service and Cloud Providers at Veeam Software, in this SY...
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Ind...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)!

Advertise on this site! Contact advertising(at)! 201 802-3021

SYS-CON Featured Whitepapers