VMware rolled out the red carpet for attendees at the Boston Convention and Exhibition Center, which vaguely resembles an airplane hangar.
Attendees milled around before the general session, which kicked off the event. One keynote speaker, Benjamin Gray, principal analyst at Forrester Research, spoke about how organizations are shifting toward more BYOD- and cloud-based models. And Vittorio Viarengo, vice president of end-user computing at VMware, talked about how VMware is responding to the evolving challenges that are present in today’s data centers. He also showed a demo of View 5.1.
Here’s a look at the partner pavilion, where dozens of vendors and solution providers showed off their products and services. VMware’s booth featured demos of several products, including Horizon Application Manager.
Kaspersky Labs had one of the more engaging booths in the partner pavilion, where attendees could race toy cars around a track. I’m not quite sure what it had to do with antivirus software, but it got people over to the booth.
On a side note, I launched my car off the track on the first turn.
Feeding time at VMware Forum. I quickly learned not to get in the way of an IT guy and his boxed lunch.
My lunch came with a ham and cheese sandwich on a pretzel roll, Cape Cod chips and a chocolate chip cookie. Everything tasted great, except the promotional card for Dr. Dre headphones.
The event ended with a series of breakout sessions, such as this one, “Accelerate your Journey to the Cloud with Storage for VMware.” VSpecialist James Ruddy explained the different ways to architect storage arrays in cloud infrastructure.]]>
Then, the hacker claiming responsibility for the leak reportedly told Kaspersky Labs’ Threatpost blog that among those files, a terabyte in all, there were 300 megabytes (MB) more VMware source code.
Thus, it was widely anticipated by the VMware community (including this blog) that 300 MB of VMware source code would be released on Saturday.
On May 3, VMware rushed out a bunch of critical patches for ESX, ESXi, Workstation and Player, heightening the anticipation.
The big day has now come and gone, however, and there was nary a whisper of VMware’s name on various Twitter accounts associated with the initial leak. If 300 MB more source code did hit the Internet this weekend, it was done with far less public fanfare than the “sneak preview” received.
Users say the lack of leak doesn’t change much about their outlook on the situation.
“These types of hackers are criminals, and criminals aren’t known for keeping their word,” said Bob Plankers, a virtualization architect at a large Midwestern university. “There are a number of security updates now available for nearly every version of vSphere and its predecessors, so at the least it looks like VMware took the issue seriously on all fronts.”
Trying to guess at what happened means trying to figure out the agenda of a hacker, which is nearly impossible to do, said Edward Haletky, CEO of The Virtualization Practice LLC. It might have been that the wide-ranging publicity the initial leak received was all he was looking for.
“It could’ve been truly just about awareness, saying, ‘hey, you know, this code really isn’t private anymore’,” Haletky said. “There could be a million and one reasons.”
The fact that there was no obvious code release on May 5 shouldn’t make much difference to VMware pros, Haletky said. They should still apply VMware’s new patches and keep up with security best practices. “The answer still is to prepare for such things…do the defense in depth, do the research…if it happened once, it could happen again.”]]>
Affected products include ESX and ESXi versions 3.5, 4.0, 4.1 and 5.0, Workstation and Player. A further description of problems associated with the patches and linked from the security update blog describes remote procedure call (RPC), SCSI driver and network file system (NFS) vulnerabilities which could potentially allow an unauthorized user execute code on a virtualized host.
With the post’s repeated use of the word “critical,” and widespread Tweeting of a link to it by VMware officials, it’s clear the patches are important. In fact, such a security update hasn’t been posted on the VMware Security and Compliance Blog since the announcement of a critical update to ESX 3.5 in 2008.
Though the post referred directly to the leak incident, what’s less clear is the exact relation of these newly announced vulnerabilities and the leaked source code file.
VMware framed the security advisory as the accelerated release of patches the company was working on anyway. “In light of the current circumstances, we have accelerated our most recent security patches and applied them to all affected currently supported products,” the post said.
“I think it is an abundance of caution, but in addition, some pro-active concern,” said security expert Edward Haletky, CEO of The Virtualization Practice LLC. While there is historical evidence that it is possible to crash a VM using paravirtualized drivers and backdoor elements in the past, he added, “the execution of code on the host is intrinsically difficult regardless of how an escape is performed.”
These aren’t the first VMware product patches which raise the spectre of rogue code executed on a host – even in the last few weeks. A security advisory was also issued without nearly as much fanfare April 12, in which three critical patches were released for VMware’s vShield Endpoint security product.
VMware’s Knowledge Base article paired with today’s security advisory also specifically credits an individual, Derek Soeder of Ridgeway Internet Security LLC, with identifying some of the vulnerabilities, rather than specifically linking their discovery back to the leaked file. Soeder, meanwhile, was publicly raising security issues with VMware’s software in a blog posted March 30, before the 2004 source code file was leaked.
Regardless of whether the hacker who threatens to leak megabytes more source code on May 5 acts on that threat, or whether these patches are specifically related to the high-profile leak, VMware customers shouldn’t take any chances, experts say.
“For now, all we can do is what we should always do, keep current on our patching levels,” said Christian Mohn, senior infrastructure consultant at EVRY Consulting in Norway.
Meanwhile, “May 5th might just turn into something more interesting than I had thought a week ago,” he said.]]>