yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
Cloud Expo & Virtualization 2009 East
Smarter Business Solutions Through Dynamic Infrastructure
Smarter Insights: How the CIO Becomes a Hero Again
Windows Azure
Why VDI?
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun's Incubation Platform: Helping Startups Serve the Enterprise
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Hacker Leaks VMware ESX Source Code File
Apparently the file was filched off a Chinese web site belonging to the CEIEC by an Anonymous hacker

VMware has confirmed that one of its ESX hypervisor source code files was posted online.

Iain Mulholland, director of VMware's Security Response Center, posted the following event-minimizing message:

"Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.

"The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available."

Apparently the file was filched off a Chinese web site belonging to the China National Electronics Import-Export Corporation (CEIEC) by an Anonymous hacker who goes by the name of Hardcore Charlie who posted it and what looks like internal VMware e-mail on Pastebin on April 8.

Mulholland told Kaspersky's Threatpost the e-mails were probably commentary "that were manually added into the company's source code repository to provide context for developers."

It's unclear how CEIEC came by the code. It's supposed to do systems integration for the Chinese military.

It is also unclear if VMware has called the cops. Depends on how you read their engaging "internal and external resources."

Charlie reportedly got access to CEIEC by hacking into hundreds of thousands of e-mail accounts at the e-mail hosting company, an adventure that has reportedly netted him a terabyte of confidential information from various Chinese companies, including a bunch of US military shipping documents from Afghanistan.

Customer vulnerability depends on what kind of code is out there. The wrong kind could lead to zero-day attacks or worse.

Eric Chiu, president of HyTrust, which secures VMware management stuff, guesses that that single file has little friends. (Charlie claims he downloaded 300MB of VMware code.) Chiu also says that 50% of enterprise data centers are now virtualized and that most of them virtualized by VMware and a lot of them are insecure.

VMware only made its default the somewhat more secure ESXi last year, when the first of the attacks on virtualized environments started happening, and given IT conservatism most VMware environments are probably on old code, which may or may not date to 2003-2004.

ESXi is more secure because of its smaller attack surface, Chiu said, which frankly doesn't sound all that reassuring.

Voltage Security VP Mark Bower said in a statement, "The real pain for the industry in this case is less about counterfeit VMware instances, but the intimate knowledge attackers may now possess of possible vulnerabilities in a critical virtualization tool that is the foundation for many enterprise data centers, clouds, and applications."

See and

About Maureen O'Gara
Maureen O'Gara the most read technology reporter for the past 20 years, is the Cloud Computing and Virtualization News Desk editor of SYS-CON Media. She is the publisher of famous "Billygrams" and the editor-in-chief of "Client/Server News" for more than a decade. One of the most respected technology reporters in the business, Maureen can be reached by email at maureen(at) or paperboy(at), and by phone at 516 759-7025. Twitter: @MaureenOGara

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Latest Cloud Developer Stories
In the midst of the widespread popularity and adoption of cloud computing, it seems like everything is being offered “as a Service” these days: Infrastructure? Check. Platform? You bet. Software? Absolutely. Toaster? It’s only a matter of time. With service providers positioning ...
Agile, which started in the development organization, has gradually expanded into other areas downstream - namely IT and Operations. Teams – then teams of teams – have streamlined processes, improved feedback loops and driven a much faster pace into IT departments which have had ...
Today air travel is a minefield of delays, hassles and customer disappointment. Airlines struggle to revitalize the experience. GE and M2Mi will demonstrate practical examples of how IoT solutions are helping airlines bring back personalization, reduce trip time and improve relia...
It is one thing to build single industrial IoT applications, but what will it take to build the Smart Cities and truly society-changing applications of the future? The technology won’t be the problem, it will be the number of parties that need to work together and be aligned in t...
Internet of Things is moving from being a hype to a reality. Experts estimate that internet connected cars will grow to 152 million, while over 100 million internet connected wireless light bulbs and lamps will be operational by 2020. These and many other intriguing statistics hi...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)!

Advertise on this site! Contact advertising(at)! 201 802-3021

SYS-CON Featured Whitepapers