Hacker leaks source code of old VMware software
EMC subsidiary VMware has acknowledged that a hacker has released some of the company's source code. The currently accessible code includes a file containing C macros for generating code on x86 platforms and a lightly documented Perl script that could be relevant for the processing of object code. VMware said that the files date back to 2003 and 2004 and are part of the ESX hypervisor, which has since been superseded by ESXi.
A post on the threatpost blog, run by security firm Kaspersky, shows a copy of an email which is nine years old and contains the subject line "code review: untruncating segments". The article continues by saying that a hacker who goes by the name of "Hardcore Charlie" downloaded 300MB of VMware sources.
According to VMware, the publication of the source code does not necessarily mean that there is any increased risk for the company's customers. In a statement, the company said that VMware proactively shares its source code and interfaces with other industry participants to enable a "broad virtualisation ecosystem". Additional information will be provided if and when it becomes available.
Kaspersky has associated this leak with the recent publication of a series of documents connected to attacks on the China Electronics Import & Export Corporation (CEIEC). The security firm said that, according to "Hardcore Charlie", the attacks were based on an intrusion into the systems of web mail provider Sina.com. The hacker reportedly told threatpost that he stole the encrypted access credentials for hundreds of thousands of email accounts from this provider and cracked them with the help of another hacker. Apparently, one of the accounts was used by a CEIEC subsidiary in India and contained the credentials for a range of VPN accounts that linked into CEIEC's main corporate network.