Symantec now admits to cyber attack on source code in 2006

[DKT27]

Symantec has now admitted that the source code obtained by hackers for its line of anti-virus software was obtained in 2006 from its own servers, rather than from a third party.

An older version of the source code created for Symantec's anti-virus and other software security products came directly from Symantec's own servers, rather than from a third party as the company previously had stated a few days ago.

According to a story on Reuters, a Symantec spokesperson said that the source code was obtained back in 2006 for a number of the company's software products. The company currently has no information on how the source code was obtained. It's also not known why it took five years for this issue to resurface.

The source code products included Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere. Symantec said that, with one exception, any release of the source codes of these products on the Internet are no threat to any of its customers that are running the current versions of these software products.

The one exception is the pcAnywhere product which Symantec admits to a slight issue with security. A spokesperson said, "Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information."

Last week a hacker group known as the The Lords of Dharmaraja released the source code for the 2006 version of Norton Utilities. The group said they were going to release the source code for Norton Antivirus on Tuesday but so far there's no indication that has happened yet.

:view: View: Original Article

[Sonar]

Glad i dont use norton

[Tweety.Abd]

Version 2006? I wonder if it's of any use.

[DKT27]

Version 2006? I wonder if it's of any use.

It depends. If Symantec re-wrote the source code for newer version from scratch, then it's not of any use. Fully re-writing the source code of an AV is not possible if you ask me, but never know.

[CODYQX4]

Definitely not of much use, as things have changed so much, just maybe there will be a piece of code that has a 5-6 year old vulnerability in it. If only they released 2012 as pre 2009 NIS ran like a massive piece of shit, and that suggests a lot has changed in the engine.

Still might just be a bunch of optimization but I'd expect if the code was held that long someone would have sold the known exploits for big bucks as opposed to hold them until they potentially get patched.

[Tweety.Abd]

Well if things haven't changed much, they should have modified it and made a new free AV :P And I know it might sound dumb, but I didn't know obtaining source code was a big thing; believed that any good reverse engineer could do it.

[Frosticles]

Well ive always thought that norton isnt a good virus scanner so ive stayed away form it myself ;)

[maia]

Symantec says hackers stole source code in 2006

(Reuters) - Symantec Corp said a 2006 breach led to the theft of the source code to its flagship Norton security software, reversing its previous position that it had not been hacked.

The world's biggest maker of security software had previously said that hackers stole the code from a third party, but corrected that statement on Tuesday after an investigation found that Symantec's own networks had been infiltrated.

The unknown hackers obtained the source code, or blueprint for its software, to Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere, Symantec spokesman Cris Paden said.

Last week, the hackers released the code to a 2006 version of Norton Utilities and have said they planned to release code to its antivirus software on Tuesday. It was not clear why the source code was being released six years after the theft.

Source code includes instructions written in computer programming languages as well as comments that engineers share to explain the design of their software. For example, a file released last week from the source code of a 2006 version of Norton Utilities included a comment that said "Make all changes in local entry, so we don't screw up the real entry if we back up early."

Companies typically heavily guard their source code, which is considered the crown jewels of most software makers. At some companies access is granted on an as-needed basis, with programmers allowed to view code only if it is related to the tasks they are assigned.

The reason for all the secrecy is that companies fear rivals could use the code to figure out the "secret sauce" behind their technology and that hackers could use it to plan attacks.

Paden said that the 2006 attack presented no threat to customers using the most recent versions of Symantec's software.

"They are protected against any type of cyber attack that might materialize as a result of this code," he said.

Yet Laura DiDio, an analyst with ITIC who helps companies evaluate security software, said that Symantec's customers should be concerned about the potential for hackers to use the stolen source code to figure out how to defeat some of the protections in Symantec's software.

"What we are seeing from Symantec is 'Let's put the best public face on this,'" she said. "Unless Symantec wrote all new code from scratch, there are going to be elements of source code in there that are still relevant today."

Symantec said earlier this month that its own network had not been breached when the source code was taken. But Paden said on Tuesday that an investigation into the matter had revealed that the company's networks had indeed been compromised.

"We really had to dig way back to find out that this was actually part of a source code theft," he said. "We are still investigating exactly how it was stolen."

Paden also said that customers of pcAnywhere, a program that facilitates remote access of PCs, may face "a slightly increased security risk" as a result of the exposure.

"Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information."

(Reporting By Jim Finkle in Boston, additional reporting by Nicola Leske in New York, editing by Matthew Lewis)

Source

[DKT27]

@flaubert: Added a source link and merged the threads. ;)