When an Anonymous hacker leaked a page of VMware’s source code along with other documents from a compromised Chinese company in early April, he threatened that the leak was “just a preview,” and that more documents were coming on May 5.
Then, the hacker claiming responsibility for the leak reportedly told Kaspersky Labs’ Threatpost blog that among those files, a terabyte in all, there were 300 megabytes (MB) more of VMware source code.
Thus, it was widely anticipated by the VMware community (including this blog) that 300 MB of VMware source code would be released on Saturday.
On May 3, VMware rushed out a bunch of critical patches for ESX, ESXi, Workstation and Player, heightening the anticipation.
The big day has now come and gone, however, and there was nary a whisper of VMware’s name on various Twitter accounts associated with the initial leak. If 300 MB more source code did hit the Internet this weekend, it was done with far less public fanfare than the “sneak preview” received.
Users say the lack of a leak doesn’t change much about their outlook on the situation.
“These types of hackers are criminals, and criminals aren’t known for keeping their word,” said Bob Plankers, a virtualization architect at a large Midwestern university. “There are a number of security updates now available for nearly every version of vSphere and its predecessors, so at the least it looks like VMware took the issue seriously on all fronts.”
Trying to guess at what happened means trying to figure out the agenda of a hacker, which is nearly impossible to do, said Edward Haletky, CEO of The Virtualization Practice LLC. It might have been that the wide-ranging publicity the initial leak received was all he was looking for.
“It could’ve been truly just about awareness, saying, ‘hey, you know, this code really isn’t private anymore’,” Haletky said. “There could be a million and one reasons.”
The fact that there was no obvious code release on May 5 shouldn’t make much difference to VMware pros, Haletky said. They should still apply VMware’s new patches and keep up with security best practices. “The answer still is to prepare for such things…do the defense in depth, do the research…if it happened once, it could happen again.”