VMware confirms source code leak, LulzSec-affiliated hacker claims credit

VMware has confirmed a leak of source code from the ESX hypervisor. The code was posted on Pastebin on April 8 by a hacker calling himself "Hardcore Charlie." VMware confirmed the theft yesterday, and said there is a "possibility that more files may be posted in the future." The good news is that the code dates from 2003 to 2004. While VMware ESX is still heavily used, VMware is shifting customers to a newer hypervisor called ESXi, which has a smaller attack surface and is designed to be more secure. "The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers," the company said. "VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates ...

afghanistan ceiec center charlie china chinese community connection corporations esx esxi fbi hector horizon import-export information kaspersky lab lulzsec lulzsec-affiliated monsegur national pastebin possibility reuters security threatpost virtualization vmware