Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 13 MINUTES AGO.
You are here: Home / Data Security / Hackers Post Symantec Source Code
Hackers Post Symantec Source Code on Net
Hackers Post Symantec Source Code on Net
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
FEBRUARY
08
2012

An Indian hacker group has made good on its threats to publish stolen Symantec source code. The disclosure comes after ransom negotiations -- which the company said involved law enforcement agencies on a $50,000 sting operation -- stalled.

A hacker that goes by the handle YamaTough, who is associated with an Indian group affiliated with Anonymous that is called the Lords of Dharmaraja, published the source code to Symantec's pcAnywhere. The software allows users to remotely access and control other computers. YamaTough appears to have published the code on Pirate Bay.

"Symantec can confirm that the source code for pcAnywhere has been posted publicly. It is part of the original cache of code for 2006 versions of the products that Anonymous has claimed to possess throughout the past few weeks," Symantec said in a statement. "Symantec was prepared for the code to be posted at some point and has developed and distributed a series of patches since Jan. 23rd to protect pcAnywhere users against known vulnerabilities."

Get Patched Now

That said, Symantec is continuing to urge pcAnywhere customers to ensure that pcAnywhere version 12.5 is installed, apply all relevant patches that have been released and follow general Relevant Products/Services best practices. And Symantec warned that there may be more fallout before the drama is over. Specifically, the firm expects Anonymous will post the rest of the code it has claimed to have in its possession.

"So far, they have posted code for the 2006 versions of Norton Utilities and pcAnywhere. We also anticipate that at some point, they will post the code for the 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security," Symantec said. "As we have already stated publicly, this is old code and Symantec and Norton customers will not be at an increased risk as a result of any further disclosure related to these 2006 products."

In all, four products were affected, including pcAnywhere, Norton Antivirus Corporate Edition, Norton Internet Security and Norton SystemWorks. Symantec spokesman Cris Paden said of those four products, only pcAnywhere is still sold -- all of the others have been phased out and discontinued, or totally rebuilt.

What's Next in Security?

Should companies expect more extortion attempts and source code publishing? Seeing as this particular extortion attempt was unsuccessful -- the hackers haven't made any money -- Graham Cluley, a senior security analyst at Sophos, said perhaps not.

Next question: Is this the beginning of a new trend in security threats or an isolated incident? Or what is the lesson security researchers and enterprises alike can learn from the Symantec incidents?

"We don't know enough about how the hack -- which took place some years ago at Symantec -- happened, so it's hard to learn any useful lessons," Cluley said. "One thing is clear though -- all companies should be on their guard. If it can happen to companies as big as Symantec and RSA, it could happen to you. Make sure you have defenses in place to lower the chances of your firm being the next victim."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN DATA SECURITY
NEWSFACTOR.COM
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2016 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.