- Home
- Cloud Essentials
- Software as a Service
- Accounting / Financial
- Analytics
- Asset Management
- Business Intelligence
- Business Process Management
- CRM
- Collaboration
- Compliance & Risk Management
- Content Management
- Development
- Document Management
- E-commerce
- E-learning
- ERP
- Help Desk Management
- IT / Application Management
- Marketing
- Messaging
- Procurement
- Productivity
- Project Management
- Transportation & Logistics
- Infrastructure as a Service
- Platform as a Service
- Providers
VMware source code stolen from chinese company
Virtualisation code behind cloud deployments stolen by Anonymous-affiliated hacker.
Source code for VMware's hypervisor, used in many cloud deployments, has been stolen from a Chinese company and posted online.
The hack is said to have been carried out by a hacker linked to Lulzsec and the details of the code posted online. VMware has confirmed the leak and said that more source code could find its way onto the internet.
The hacker involved, dubbed Hardcore Charlie, claimed that more source code from EMC (the parent company of VMware and security company RSA) could be revealed at a later date.
The code was stolen from the China National Import & Export Corporation (CEIEC). The hacker tweeted that they were a supporter of Anonymous and Lulzsec and came across the files by accident.
Iain Mulholland, director of VMware's Security Response Center said in a blog that the "fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers."
He added that the company regularly shares source code with partners and "interfaces with other industry participants to enable the broad virtualization ecosystem today."
“We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available," added Mulholland.
Security experts said that companies are usually required to protect the partner source code in the same way that it would their own.
"Sharing source code just increases risk of theft since the source code can be stolen directly, (similar to RSA) as well as from a partner," said Eric Chiu, president and founder of cloud security company HyTrust .
He added that with half of all datacentres virtualised, the risk of putting off security was now "too high."
"Organisations should look at security for virtual infrastructure holistically (i.e. secure the virtual infrastructure as well as the virtual machines), as well as take a defense-in-depth approach," said Chiu.
