Hackers steal Norton anti-virus source code

  • Hackers steal Norton anti-virus source code

    By Zack Whittaker
    January 6, 2012, 5:23 A.M. PST

    Symantec has confirmed that a “segment” of its flagship Norton anti-virus product’s source code was leaked onto the web this week.

    The firm said that the code relates to two older enterprise products, one of which is no longer in production. But it said the breach was on a third-party network rather than its own, and will “not affect any current Norton product”.



    The source code has yet to be published, but a post making the claim on hackers’ favorite Pastebin has since been removed. A Google cache of the page still exists.

    “So far we have discovered within the Indian Spy Program source codes of a dozen software companies which have signed agreements with Indian TANCS program and CBI”, the note added.

    Symantec has started an investigation, but claims that the document does not reflect the current work of the security firm.

    While the security firm said it was “not in a position to provide specifics on the third party involved”, it is thought that the third-party network belonged to one of the Indian intelligence agencies.

    “This document explains how the software is designed to work (what inputs are accepted and what outputs are generated) and contains function names, but there is no actual source code present,” he said, speaking to the IDG news service.

    “The Lords of Dharmaraja”, the hacking group that authored the Pastebin note, has yet to release the code online.

    A second note appeared detailing files that feature in the source code, but Symantec could not confirm if the file listings and more of its products or services could be compromised.

    Rob Rachwald, director of security at Imperva, said that this breach is “quite embarrassing on Symantec’s part”. He added that should the source code be recent and hackers find serious vulnerabilities, it could be possible to exploit the product itself.

    “But that is a big if and no one but Symantec knows what types of weaknesses hackers could find”, he added.
    The Hackmaster

  • #2
    It has nothing to do with SOPA..

    Anyways, I don't use Norton.. I'm more of an Avira user



    • #3
      I use the Enterprise edition of their antivirus; hopefully nothing major against that product.

      THE BAD GUY!!!!!!



      • #4
        Claims by Anonymous about Symantec Source Code

        January 20, 2012, 17:15 PST

        Symantec can confirm that a segment of its source code has been accessed. Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006. Since 2006, Symantec has instituted a number of policies and procedures to prevent a similar incident from occurring.

        Furthermore, there are no indications that customer information has been impacted or exposed at this time.

        What products were impacted?

        Our investigation continues to indicate that the theft is limited to only the code for the 2006 versions of Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere 12.0, 12.1 and 12.5, as well as prior versions of pcAnywhere. Based on our analysis, the Norton Antivirus Corporate Edition code in question represents a small percentage of the pre-release source for the Symantec AntiVirus 10.2 product, accounting for less than 5% of the product.

        The Symantec Endpoint Protection 11 product – which was initially released in the fall of 2007 – was based upon a separate code branch that we do not believe was exposed. This code branch contains multiple new protection technologies including Heuristic Protection, Intrusion Prevention Security, Firewall, Application Control, Device Control, Tamper Protection, redesigned core engines, as well as our Symantec Endpoint Protection Manager (SEPM). Customers on Symantec Endpoint Protection 11.x are at no increased security risk as a result of the aforementioned code theft.

        What new risks could result from this disclosure?

        Our analysis shows that due to the age of the exposed source code – except for that of pcAnywhere – Symantec and Norton customers should not be in any increased danger of cyber attacks resulting from this incident. Our current analysis shows that all customers who use pcAnywhere 12.0, 12.1 and 12.5, as well as prior versions, are at a slightly increased security risk.

        What should I do if my organization uses Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks (Norton Utilities and Norton GoBack), Symantec Endpoint Protection (SEP) 11.0, or Symantec AntiVirus 10.2?

        There is nothing additional that customers of these products need to do beyond adhering to best practices. The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident. Our recommended best practices include:

        Making sure your AV definitions are up to date

        Making sure your software is upgraded to the latest maintenance version

        As it makes sense for your organization, upgrade to the latest version of Symantec Endpoint Protection, which is SEP 12.1 RU1. Our analysis shows that the code theft does not require organizations to accelerate an upgrade to SEP 12.1.

        What should I do if my organization uses pcAnywhere?

        With this incident pcAnywhere customers have increased risk. As an initial step, customers should validate that their security best practices are intact. This includes ensuring general security best practices are followed in the areas of endpoint, network, remote access, and physical security, as well as configuring pcAnywhere in a way that minimizes potential risks. Depending on these factors customers may still have risks that could facilitate system access by malicious activity or individuals.
        The Hackmaster



        • #5
          Symantec Tells Customers To Stop Using pcAnywhere

          Posted by timothy on Thursday January 26th, 09:24 A.M.

          Orome1 writes

          "In a perhaps not wholly unexpected move, Symantec has advised the customers of its pcAnywhere remote control application to stop using it until patches for a slew of vulnerabilities are issued.

          If the attackers place a network sniffer on a customer's internal network and have access to the encryption details, the pcAnywhere traffic — including exchanged user login credentials — could be intercepted and decoded.

          If the attackers get their hands on the cryptographic key they can launch remote control sessions and, thus, access to systems and sensitive data. If the cryptographic key itself is using Active Directory credentials, they can also carry out other malicious activities on the network."
          The Hackmaster
