Norton Source Code Stolen

Status
Not open for further replies.
pcjunklist

pcjunklist

Level 1
Thread author
Dec 28, 2011
523
interesting read

http://www.tomshardware.com/news/Norton-Antivirus-Symantec-Imperva-Dharmaraja,14446.html
 
jamescv7

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Symantec: Norton Code Stolen in 2006 Hacking

After admitting that the Indian hacker called YamaTough managed to obtain the source code for Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2, the company came forward with another statement to say that the source code for some of their Norton products was leaked as a result of a hacking operation that targeted their systems in 2006.

According to SecurityWeek, the security solutions provider reports that since the breach took place their security has been upgraded, but didn’t provide other clarifications.

“Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006,” Symantec’s Cris Paden said.
Click to expand...

Link
 
A

anitac

New Member
Nov 29, 2011
43
Symantec can confirm that a segment of its source code has been accessed. Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006. Since 2006, Symantec has instituted a number of policies and procedures to prevent a similar incident from occurring.

Furthermore, there are no indications that customer information has been impacted or exposed at this time.

What products were impacted?
Our investigation continues to indicate that the theft is limited to only the code for the 2006 versions of Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere 12.0, 12.1 and 12.5.

Symantec Endpoint Protection (SEP) 11.0 and Symantec AntiVirus 10.2 inherited a very small amount of exposed code. The code that has been exposed is so old that current out-of the-box security settings will suffice against any possible threats that might materialize as a result of this incident.

What new risks could result from this disclosure?
Our analysis shows that due to the age of the exposed source code – except for that of pcAnywhere – Symantec and Norton customers should not be in any increased danger of cyber attacks resulting from this incident.

Our current analysis shows that all pcAnywhere 12.0, 12.1 and 12.5 customers are at an increased risk.

What should I do if my organization uses Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks (Norton Utilities and Norton GoBack), Symantec Endpoint Protection (SEP) 11.0, or Symantec AntiVirus 10.2 ?
There is nothing additional that customers of these products need to do beyond adhering to best practices. The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident.

Our recommended best practices include:

*Making sure your AV definitions are up to date
*Making sure your software is upgraded to the latest maintenance version
*As it makes sense for your organization, upgrade to the latest version of Symantec Endpoint Protection, which is SEP 12.1 RU1

What should I do if my organization uses pcAnywhere?

As always with any remote control product, it is extremely important that best practices regarding physical security, endpoint security, network perimeter security and secure remote access are followed. For example, all computers should have an endpoint protection technology installed that is current and up-to-date. Corporate firewalls should not allow inbound or outbound access to pcAnywhere without using VPN tunnels. Unauthorized individuals should not be permitted on company property. Additionally, companies should employ best practices when it comes to the configuration of pcAnywhere (e.g. Password strength, password retry limits, requiring the user to approve remote connections.)
Click to expand...
http://www.symantec.com/theme.jsp?themeid=anonymous-code-claims
 
H

HeffeD

Level 1
Feb 28, 2011
1,690
Something smells fishy here...

If the code was stolen in 2006, why is it only being announced right now? I can't imagine hackers bragging about a six year old theft...

And surely the hackers wouldn't be scanning the source to look for possible zero day exploits (their reasoning for holding off publicly releasing the code) in code that is six years old! Hackers are savvy enough to realize that the code has most likely changed drastically in the last six years. In fact, there is a very strong possibility that all of the code from six years ago might not even exist in the current product!

So either the hackers aren't the sharpest knives in the drawer, Symantec is unaware of a newer theft, or they are trying to downplay the seriousness of the issue.
 
Prorootect

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
Symantec: pcAnywhere code stolen, so disable it, stop using it!

.
Symantec: pcAnywhere code stolen, so disable it, stop using it!, perhaps you .. not me, because I do not use any Symantec product, far from it!;)


Symantec tells customers to disable pcAnywhere software: by Reuters.com: http://www.reuters.com/article/2012/01/25/us-symantec-hacking-idUSTRE80O1UY20120125

QUOTE:
'Symantec Corp took the rare step of advising customers to stop using one of its products, saying its pcAnywhere software for accessing remote PCs is at increased risk of getting hacked after blueprints of that software were stolen.'

'Symantec said it was only asking customers to temporarily stop using the product, until it releases an update to the software that will mitigate the risk of an attack.' - because 'the possibility that hackers could steal data or credentials' is real if used.

'The company last week warned customers of the 2006 theft of the source code, or blueprints, to pcAnywhere and several other titles: Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities and Norton GoBack.

It made the announcement after a hacker who goes by the name YamaTough released the source code to its Norton Utilities PC software and had threatened to publish its widely used anti-virus programs. Authorities have yet to apprehend that hacker.'


I never used Symantec products hopefully for me.:p
.
 
Status
Not open for further replies.

Similar threads

Jengo
    • Like
    • Thanks
    • Applause
New Update Norton Security 22.24.1.6 for Windows is now available!
Replies
51
Views
3,383
Norton
simmerskool
simmerskool
Gandalf_The_Grey
    • Like
    • +Reputation
    • Sad
Technology HDMI Forum rejects AMD's HDMI 2.1 open-source driver
Replies
5
Views
551
Technology News
MuzzMelbourne
MuzzMelbourne
Bot
    • Like
Norton Security 22.23.10.10 for Windows is now available!
Replies
0
Views
454
Norton
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top