VMware Confirmed: The Source Code of ESX kernel Was Indeed Stolen By Hackers
VMware, the global leader in virtualization and cloud infrastructure again faced cyber attack. Earlier in this year a hacker named "Hardcore Charlie" had stolen files from its ESX server hypervisor source code has been posted online. In that attack the hacker managed to steal more than 300MB source code of VMWare products. Here also after 6 months another hacker named Stun (57UN) claiming to be affiliated with hacker collective Anonymous managed to hack the source code of VMware's ESX kernel. Immediately after the breach the hacker tweeted a link to a torrent site hosting the stolen VMkernel source code. In their official blog post VMware director of platform security Iain Mulholland acknowledged the breach on Sunday and confirmed the source code was indeed stolen. But VMware also confirmed that leaked is source code that dates back to 1998-2004 which was previously leaked Hardcore Charlie. VMware also said that it is investigating what actions to take next. The torrent file posted by 57UN is leading to download you the source code of VMware ESX, that is sized almost 2MB.
In a security note VMware said- "our security team became aware of the public posting of VMware ESX source code dating back to 2004. This source code is related to the source code posted publicly on April 23, 2012. It is possible that more related files will be posted in the future. We take customer security seriously and have engaged our VMware Security Response Center to thoroughly investigate. Ensuring customer security is our top priority. As a matter of best practices with respect to security, VMware strongly encourages all customers to apply the latest product updates and security patches made available for their specific environment. We also recommend customers review our security hardening guides. By applying the combination of the most current product updates and the relevant security patches, we believe our customer environments will be best protected. As is our practice, VMware will continue to assess any further security risks, and will provide recommendations and updates here as appropriate..." VMware also encouraged its customers to view the May 3, 2012 security patch information as a resource.
While talking about source code leak, we want to remind you that couple of months ago this hacker (57UN) stolen the source code of Skype. Also earlier in 2012 another hacker group named The Lords of Dharmaraja has managed to steal the source code of Norton Symantec.
