Home › News › Security
Symantec recommends disabling pcAnywhere after source code leak
In a PDF outlining the impact of its proprietary source code being stolen, Symantec recommends disabling pcAnywhere until the next update is issued. This warning includes users who are running pcAnywhere 12.0, 12.1 and 12.5, which is the latest version. Aside from being a stand-alone product, the software also comes bundled with Altiris so companies may be particularly at risk.
pcAnywhere, a software designed to give users access to remote computers, is a particularly sensitive piece of software to have fully exposed. Developers often rely on "security through obscurity", but releasing a commercial product's proprietary source code into the wild defeats the effectiveness of this strategy.
Symantec has given mixed statements regarding the incident, but the company most recently told Reuters that the leaked source code was stolen during a prior security breach of Symantec's own servers in 2006. This is in contrast to a claim by hackers earlier this month that they had managed to pilfer the company's source code during a supposed intrusion of India's military network.
If what Symantec says is true, this raises the disturbing possibility that pcAnywhere has been quietly compromised for nearly six years. The 2006 security breach was thought to have been performed by members of Anonymous.
Subsequent to claims of infiltrating India's military, supposed internal intelligence memos were leaked -- documents which implied the Indian government was engaging in espionage against the U.S. and China. India stated the documents were fabricated, but that did not stop the U.S. from launching an investigation into the matter.
The investigatory probe has since suggested Chinese hackers were responsible for the attacks, not Indian hackers. The real target of the attacks was the National Foreign Trade Council, a U.S.-based, non-governmental organization that supports free trade and commerce.
User Comments (7)
Post a comment|
Guest on January 26, 2012 4:47 PM |
How the heck can anonymous be blamed for the 2006 leak if they pretty much didn't exist back then? |
|
jafo818 on January 26, 2012 8:12 PM |
Anonymous may not have existed, but their members aren't newborns. Use your brain. |
|
TJGeezer on January 27, 2012 12:27 PM |
Dunno if this is a stupid question but... with encryption, any system not out there for public attack is inherently insecure. Since it hasn't had the opportunity to withstand or fail under open attack, so weaknesses can be dealt with, you have to assume it provides only false security, which is worse than knowing you have none. Wouldn't a private pipe to a remote machine be subject to the same principles? That is, if source code isn't out there being tested openly, and its developers learning from failed or successful intrusion attempts, wouldn't you have to assume it can only supply a false sense of security for your system? |
|
Guest on January 27, 2012 1:16 PM |
Symantec. Slowing computers since 1982 ® |
|
lionvibez on January 27, 2012 4:09 PM |
Guest said: LMAO that is golden bro!
Symantec. Slowing computers since 1982 ® |
|
Guest on January 27, 2012 5:41 PM |
I bet it was an inside job. Symantec hired anons without a clue. |
|
tengeta on January 28, 2012 8:32 AM |
yeah, like someone who uses symantec garbage on their computer is a person who keeps up with tech news. |
Most Popular
| Trending | Featured |
-
HTML 5 Gaming Showcase: Old Classics and Modern Games You Can Play for Free
-
Samsung's Massive 5.3-inch Smartphone: Galaxy Note Review
-
Microsoft claims Google foils IE's privacy policies as well
-
Apple settles class action lawsuit, will pay $15 to iPhone 4 owners
-
Microsoft details Windows 8 and SkyDrive integration, Metro-style app