Anonymous’ Hardcore Charlie disputes downplaying of VMware code
The hacker behind the VMware source code leak has told The INQUIRER that there is more to it than the firm says, claiming that it is “dangerous”.
In an interview this morning Hardcore Charlie told The Inquirer that although VMware has dismissed reports so far, what has been found goes way beyond out of date code.
“They are saying it’s no big deal, code from 2003/04 that sort of thing,” he said in an IRC chat. “It is not only one file like they said and it is not the source code they wanted to be released.”
Hardcore Charlie was reacting to the post from EMC that said that it was aware of the code, but thought that even though there was a risk of it being shared the implications would be negligible.
“Our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe,” said Iain Mulholland, director of the VMware Security Response Center.
“The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today.”
The hacker, who we met earlier when some documentation relating to the Chinese military and the CEIEC, the China Electronics Import & Export Corporation, was revealed, suggested that the firm was not aware of the scale of what it had lost, adding that perhaps it should look at a screenshot that had been made available.
“I wonder what they will say if looked at the screen,” he said. “Obviously they realize that the code will get to public – we are not here for money we are for lulz so we don’t cover up. We found the whole EMC line of products on chinese network.”
He added that more code will be released, but only partially. “It would be stupid not to explore the vulns, not let people analyze it,” he said. “We are blackhats.”