VMware, a California-based company
providing virtualization software, has become the victim of computer
hackers. The hackers stole the source code of the ESX
virtualization products and published it online. The attack was carried out by a
hacker called Hardcore Charlie, who claims that he has stolen 300MB of source code.
The company became aware of the attack
on April 23, when the source code was posted online. The company said
that there is a chance of more source code being posted on the Internet.
A little risk also still remains for existing users.
"The fact that the source code
may have been publicly shared does not necessarily mean that there is
any increased risk to VMware customers," Iain Mulholland, director of
VMware's Security Response Center said in a statement.
Some speculation suggests that the
theft may have come from a hacking attack in March on a Chinese
import-export company, the China National Electronics Import-Export
Corporation (CEIEC), based in Beijing, in which 1TB (1,000GB) of data
was copied.
"VMware proactively shares its source code and interfaces with
other industry participants to enable the broad virtualization ecosystem
today."
Hardcore Charlie confirmed in IRC
conversations with Kaspersky that the stolen data can be traced back to
the breach of a Sina.com server, which resulted in thousands of email accounts
being compromised. He went on to say that he enlisted the help of
another hacker, @YamaTough, to crack the cryptographic hashes securing
the Sina data. Access to CEIEC was later found in the emails once they were decrypted.
"We take customer security seriously and have engaged internal and
external resources, including our VMware Security Response Center, to
thoroughly investigate. We will continue to provide updates to the
VMware community if and when additional information is available,"
Mulholland continued.
Kaspersky also later confirmed "what
appear to be internal VMware communications, pasted onto CEIEC
letterhead and with official looking stamps," which Mulholland
speculated "were manually added into the company's source code
repository to provide context for developers."