VMware Breached, More Hypervisor Source Code To Come

By | April 30, 2012

Source: Information Week

by  Mathew J. Schwartz

In this article “Hypervisors–such as VMware ESXi and Xen–provide the platform on which virtualized guest operating systems run, and are therefore a core component of any business’s virtual infrastructure. But they’re also apotential security weak point. A 2010 study from IBM, notably, found that 35% of all vulnerabilities in a virtualized environment could be traced to the hypervisor.

Those vulnerabilities are cause for concern in the wake of VMware’s Monday confirmation that source code dating to 2003 and 2004 had been publicly released by a hacker billing himself as Hardcore Charlie. Furthermore, he said the release was a “sneak peak” of the 300 MB of VMware source code he said is in his possession, which he said will be publicly released May 5.

Iain Mulholland, director of the VMware Security Response Center, said in a Monday blog post that the company’s security team had confirmed that a file containing VMware ESX source code had been published. He promised that VMware would update its customers as it learned more.”

 

Leave a Reply