Bitter Seeds

Bitter Seeds is Peled’s third film in a trilogy on globalisation. It explores the risks faced by Indian cotton farmers caught up in a genetically modified seed program by Monsanto. The movie follows a farmer’s daughter as she tries to expose the story of her father’s death.

Farmers unable to get bank loans instead try to borrow illegally, but they take on high interest rates. Then they struggle to overcome low yields coupled with expensive seeds that need even more expensive fertilizer and water. The traditionally stable means of living becomes a financial gamble that the farmers realise they can’t win; they then kill themselves to escape an inevitable loss of pride.

Monsanto’s pesticide is said to be a direct cause of death in hundreds of thousands of farmer suicides.

Part One: Store Wars – When Wal-Mart Comes to Town
Part Two: China Blue

German EMV and 45% fraud decline

Germany is pressing ahead with a huge EMV project, according to Die Deutsche Kreditwirtschaft:

Die Deutsche Kreditwirtschaft, as the body representing the interests of the banking industry's central associations, and the German acquirers have agreed on a joint approval procedure, spanning all card products, for the purpose of establishing and operating an EMV-capable network operator infrastructure and EMV-capable POS terminals in the German market.

In other words the German banking industry, on behalf of associations and acquirers, is committed to building out an EMV infrastructure. Their latest analysis suggests a big drop in fraud can be linked to recent EMV trials.

Data theft at cash dispensers is reported to have been 45 percent down in 2011 from the previous year.

VMware Security Note: ESX Source Posted

The VMware Security Response Center has just posted the following announcement:

Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.

The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers.


Update, April 25th: I’ve been contacted to discuss this story in more detail. Here are some general points I have made.

  • VMware is being proactive in notifying customers and the public. They will provide further details if/when necessary but you can see from the announcement that they are attentive to risk and assessing it thoroughly. There was no prior announcement.
  • The breach of the China National Electronic Import-Export Company (CEIEC) at the start of this month (Apr 2nd) is being reported as related to this announcement. The US Government imposed sanctions against CEIEC in December of 2006 (FR Doc No: E6-22630) under “Section 3 of the Iran and Syria Nonproliferation Act”.
  • Do not download files from the CEIEC breach without taking special precautions against malware and exploits.

2nd Update, April 25th: The Register has posted a blurry image of the stolen code, covered in “Death Card” images. That is probably an historical reference to the “Ace of Spades,” which has been popularised as a victory taunt in American pop-culture.

The actual effect of the card, however, is far from what has been depicted in Hollywood and thus likely to be different from what was intended by those releasing the ESX code. Its history and effect are explained in detail by PsyWarrior, who includes a quote attributed to “Lieutenant Colonel William J. Beck who commanded the 4th PSYOP Group from 15 October 1967 to 7 October 1968”:

Any survey of the PSYOP program in Vietnam reveals that many psy-operators are frustrated by the lack of signs of tangible success in the PSYOP effort…Perhaps in an attempt to overcome this deficit many appear to be impressed with the values of what can only be called propaganda gimmicks. This includes the use of the ace of spades, special lighting effects, and ghostly loudspeaker broadcasts.

This aspect, unfortunately, has often reduced idea formation on the part of these operators and staff to the level of “gimmicky” and more or less desperate attempts to find a quick solution and dramatic breakthrough. This is not good PSYOP.

The Ace of Spades, therefore, appears historically to be a reference to attackers who struggle from “lack of signs of tangible success”.

Bait Car – Surveillance Setup Tricks

Super Circuits has an amusing story of how they simplified the setup of a “bait car”:

Can you visualize this? The space we were working in was 2”X5” wide, with Jake trying to squeeze his hand into this small space and attempting to attach a camera on the side of the opening with two different glues going. Although we did manage to get it to work, it took a couple of hours, two people and several attempts.

There had to be a better way.

I walked away from this situation thinking “it shouldn’t be this hard”. Obviously, there isn’t an option, nor does it make sense, to redesign vehicles around camera installations. So with that off the table, I was left trying to figure out what I could do to make it easier for people whose primary job is not installing electronic components, but is to capture the bad guy with the assistance of electronic components. Here’s what we came up with.

The answer is foam.