UPDATED 11:01 EST / APRIL 27 2012

LulzSec Leaked VMware Code Raises Concerns and Implications

In an already busy week for cybersecurity news, it was revealed that source code for the VMware ESX hypervisor was leaked onto Pastebin. A member of the notorious and familiar group LulzSec was identified as the source of the leak.

A LulzSec hacker known as “Hardcore Charlie” was recently tied to an attack on China’s CEIEC, a defense contractor. In that attack, Hardcore Charlie obtained and subsequently released thousands of internal documents, ostensibly looking for secret military information regarding US war efforts in Afghanistan. The Guardian reports that the leaked code, up to 300MB worth, was part of that CEIEC breach, in which as much as 1TB of data was copied.

VMware has played this down in a company blog post that reads:

“Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.

The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.”

The Bottom Line

While the amount and age of the source code may seem to indicate lesser implications, the unconfirmed 300MB of code that is out in the wild is an area of concern. An overwhelming number of organizations rely on VMware solutions for their infrastructure. This extends to the cloud, internally and externally, to high-availability scenarios, to virtual desktop implementations, and to all services that run on it. A vector of compromise that starts with such a code leak on this ubiquitous architectural component will be a point of significant concern not only for the security community, but for any community that is responsible for mitigating risk and ensuring the availability of services to an enterprise.

The biggest questions many should be asking right now are: how much of the rest of the reportedly compromised source code is actually still out in the wild, how much of the genetics of that code still exists in the product today, and what, if anything, is its true value? In the weeks and months to come, it may very well be that answers to these questions will be revealed, in a good way or not. It is a safe bet that VMware is actively looking to answer these questions, but not making it public.

