yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
Cloud Expo & Virtualization 2009 East
Smarter Business Solutions Through Dynamic Infrastructure
Smarter Insights: How the CIO Becomes a Hero Again
Windows Azure
Why VDI?
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun's Incubation Platform: Helping Startups Serve the Enterprise
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Hacker Leaks VMware ESX Source Code File
Apparently the file was filched off a Chinese web site belonging to the CEIEC by an Anonymous hacker

VMware has confirmed that one of its ESX hypervisor source code files was posted online.

Iain Mulholland, director of VMware's Security Response Center, posted the following event-minimizing message:

"Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.

"The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available."

Apparently the file was filched off a Chinese web site belonging to the China National Electronics Import-Export Corporation (CEIEC) by an Anonymous hacker who goes by the name of Hardcore Charlie who posted it and what looks like internal VMware e-mail on Pastebin on April 8.

Mulholland told Kaspersky's Threatpost the e-mails were probably commentary "that were manually added into the company's source code repository to provide context for developers."

It's unclear how CEIEC came by the code. It's supposed to do systems integration for the Chinese military.

It is also unclear if VMware has called the cops. Depends on how you read their engaging "internal and external resources."

Charlie reportedly got access to CEIEC by hacking into hundreds of thousands of e-mail accounts at the e-mail hosting company, an adventure that has reportedly netted him a terabyte of confidential information from various Chinese companies, including a bunch of US military shipping documents from Afghanistan.

Customer vulnerability depends on what kind of code is out there. The wrong kind could lead to zero-day attacks or worse.

Eric Chiu, president of HyTrust, which secures VMware management stuff, guesses that that single file has little friends. (Charlie claims he downloaded 300MB of VMware code.) Chiu also says that 50% of enterprise data centers are now virtualized and that most of them virtualized by VMware and a lot of them are insecure.

VMware only made its default the somewhat more secure ESXi last year, when the first of the attacks on virtualized environments started happening, and given IT conservatism most VMware environments are probably on old code, which may or may not date to 2003-2004.

ESXi is more secure because of its smaller attack surface, Chiu said, which frankly doesn't sound all that reassuring.

Voltage Security VP Mark Bower said in a statement, "The real pain for the industry in this case is less about counterfeit VMware instances, but the intimate knowledge attackers may now possess of possible vulnerabilities in a critical virtualization tool that is the foundation for many enterprise data centers, clouds, and applications."

See and

About Maureen O'Gara
Maureen O'Gara the most read technology reporter for the past 20 years, is the Cloud Computing and Virtualization News Desk editor of SYS-CON Media. She is the publisher of famous "Billygrams" and the editor-in-chief of "Client/Server News" for more than a decade. One of the most respected technology reporters in the business, Maureen can be reached by email at maureen(at) or paperboy(at), and by phone at 516 759-7025. Twitter: @MaureenOGara

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Latest Cloud Developer Stories
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as w...
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent bus...
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables th...
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, led attendees through the exciting evolution of the cloud. He looked at this major disruption from the perspective of technology, business models, and what this means for enter...
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. All In Mobile is a mobile app development company from Poland. Since 2014, they maintain passion for developing mobile...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)!

Advertise on this site! Contact advertising(at)! 201 802-3021

SYS-CON Featured Whitepapers