Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Hacker Leaks VMware ESX Source Code File
Apparently the file was filched off a Chinese web site belonging to the CEIEC by an Anonymous hacker

VMware has confirmed that one of its ESX hypervisor source code files was posted online.

Iain Mulholland, director of VMware's Security Response Center, posted the following event-minimizing message:

"Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.

"The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available."

Apparently the file was filched off a Chinese web site belonging to the China National Electronics Import-Export Corporation (CEIEC) by an Anonymous hacker who goes by the name of Hardcore Charlie who posted it and what looks like internal VMware e-mail on Pastebin on April 8.

Mulholland told Kaspersky's Threatpost the e-mails were probably commentary "that were manually added into the company's source code repository to provide context for developers."

It's unclear how CEIEC came by the code. It's supposed to do systems integration for the Chinese military.

It is also unclear if VMware has called the cops. Depends on how you read their engaging "internal and external resources."

Charlie reportedly got access to CEIEC by hacking into hundreds of thousands of e-mail accounts at the e-mail hosting company Sina.com, an adventure that has reportedly netted him a terabyte of confidential information from various Chinese companies, including a bunch of US military shipping documents from Afghanistan.

Customer vulnerability depends on what kind of code is out there. The wrong kind could lead to zero-day attacks or worse.

Eric Chiu, president of HyTrust, which secures VMware management stuff, guesses that that single file has little friends. (Charlie claims he downloaded 300MB of VMware code.) Chiu also says that 50% of enterprise data centers are now virtualized and that most of them virtualized by VMware and a lot of them are insecure.

VMware only made its default the somewhat more secure ESXi last year, when the first of the attacks on virtualized environments started happening, and given IT conservatism most VMware environments are probably on old code, which may or may not date to 2003-2004.

ESXi is more secure because of its smaller attack surface, Chiu said, which frankly doesn't sound all that reassuring.

Voltage Security VP Mark Bower said in a statement, "The real pain for the industry in this case is less about counterfeit VMware instances, but the intimate knowledge attackers may now possess of possible vulnerabilities in a critical virtualization tool that is the foundation for many enterprise data centers, clouds, and applications."

See http://blogs.vmware.com/security/2012/04/vmware-security-note.html and http://threatpost.com/en_us/blogs/e-mail-source-code-vmware-bubbles-compromised-chinese-firm-042412.

About Maureen O'Gara
Maureen O'Gara the most read technology reporter for the past 20 years, is the Cloud Computing and Virtualization News Desk editor of SYS-CON Media. She is the publisher of famous "Billygrams" and the editor-in-chief of "Client/Server News" for more than a decade. One of the most respected technology reporters in the business, Maureen can be reached by email at maureen(at)sys-con.com or paperboy(at)g2news.com, and by phone at 516 759-7025. Twitter: @MaureenOGara

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Latest Cloud Developer Stories
Next-Gen Cloud. Whatever you call it, there’s a higher calling for cloud computing that requires providers to change their spots and move from a commodity mindset to a premium one. Businesses can no longer maintain the status quo that today’s service providers offer. Yes, the con...
The social media expansion has shown just how people are eager to share their experiences with the rest of the world. Cloud technology is the perfect platform to satisfy this need given its great flexibility and readiness. At Cynny, we aim to revolutionize how people share and or...
Cloud backup and recovery services are critical to safeguarding an organization’s data and ensuring business continuity when technical failures and outages occur. With so many choices, how do you find the right provider for your specific needs? In his session at 14th Cloud Expo...
This white paper digs deep into the reasons testing mobile apps is fundamentally harder than traditional web or desktop applications. Experts Tina Zhuo and Dennis Schultz from IBM along with Yoram Mizrachi from Perfecto Mobile and John Montgomery from uTest collaborate to explore...
Web conferencing in a public cloud has the same risks as any other cloud service. If you have ever had concerns over the types of data being shared in your employees’ web conferences, such as IP, financials or customer data, then it’s time to look at web conferencing in a private...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
ADS BY GOOGLE

Breaking Cloud Computing News
Parsons is pleased to announce that it has acquired Secure Mission Solutions, a premier provider of ...