Recently ESX and VirtualCenter (VC) patches were released which – among others – fix several security issues. These issues are detailed in a new advisory, VMSA-2008-0007, and in the updated advisories VMSA-2008-0002.1, 0003.1, 0004.1, 0006.1. Please take some time out of your busy schedule to review your deployments and update where appropriate.
In an effort to improve our advisories, we have added a change log which should help identifying what has changed. Your feedback on this and on other possible additions to our advisories is highly appreciated. You can reach us by e-mailing firstname.lastname@example.org; our PGP key can be found here.
I posted a few weeks ago about VMware’s booth at RSA next week and Steve Herrod’s panel session next Friday. However, virtualization and security is not just a VMware thing, it’s an entire security community thing, so expect to hear a lot of security vendors at the RSA Expo this year discussing their plans around virtualization.
Many vendors have recently announced or are announcing virtual appliance editions of their products and will be showing them off at RSA. For example, Symantec will be demonstrating their Mail Security 8300 gateway security product for messaging threats as a virtual appliance.
Some notable booths and events to check out with VMware partners at the RSA Expo:
- Tuesday, 1:15 pm, at the Tripwire booth – Dwayne Melancon and Gene Kim of Tripwire will be discussing "Controlling Risk in Virtual Environments"
- Wednesday, 1 pm, and Thursday, 2 pm, at the Shavlik booth – Shavlik CTO Eric Shultze and VMware product management will be speaking about virtualization security and product roadmaps
- Ongoing, at the McAfee booth – McAfee will be doing demos in their booth of potential new anti-malware capabilities using the VMware VMsafe API
- Ongoing, at the RSA Partner Pavilion – RSA and VMware will have a full Virtual Desktop Infrastructure (VDI) deployment showing the out-of-box integration of the Virtual Desktop Manager with RSA Authentication for secure two-factor end-user authentication
In addition, we plan on having several partners at VMware booth to discuss their roadmap for VMware integration or the VMsafe API. So far we have McAfee coming by at noon on Tuesday and Wednesday and Tripwire at 3:30 pm on Tuesday. Look for additional announcements onsite at our booth #339.
Finally, to unwind after a full day of conference activities, we’ve heard from some folks active on our Security and Compliance Communities forum that they’re planning to meet up informally for drinks Wednesday from 5-8 pm, at the Thirsty Bear Brewing Co. at 661 Howard (just past the W Hotel). The VMware security team will be dropping in for a drink as well, several of us right after the Expo closes at 6 pm. We look forward to chatting with customers and other security community folks there – look for us in light blue VMware polo shirts.
Check out the VMware Communities post here RSA 2008 Conference in San Francisco.
See you at RSA!