RSS

Someone help secure the security giant!

11 Jan

Ever wonder how different things look from different angles? Just thinking aloud… After reading the a piece of writeup “Symantec’s Norton Antivirus source code exposed by hackers” by Graham Cluley on January 6, 2012, I asked myself, does a computer and information security giant such as Symantec need our help to at least stay secured themselves? The dehydrating question is, how has it been over the years with the so-called antivirus and Internet security softwares rolled into the market if they cannot even secure their source codes, can they hide our information? How can you give what you do not have? Do yourself a favour, read Cluley’s full story below.

Symantec, the makers of Norton AntiVirus, has confirmed that a hacking group has gained access to some of the security product’s source code. An Indian hacking group, calling itself the Lords of Dharmaraja, has threatened to publicly disclose the source code on the internet. So far, there have been two claims related to Symantec’s source code. First, a document claiming to be confidential information related to Norton AntiVirus’s source code was posted on Pastebin. Symantec says it has investigated the claim, and that – rather than source code – it was documentation dated from April 1999 related to an API (application programming interface) used by the product. File list published by hacking group on PasteBin And secondly, the hacking group shared source code related to what appears to have been the 2006 version of Symantec’s Norton AntiVirus product with journalists from Infosec Island. A hacker called “Yama Tough”, who appears to be acting as a spokesperson for the gang, posted the content to PasteBin and subsequently published messages on Google+ about the alleged breach:

@Symantecjobfeed you guys r in troublepastebin.com/ciExRzr3 Symantec source code owneed like shit — Yama Tough (@YamaTough) January 04, 2012

The content on PasteBin has since been removed, and Yama Tough’s Google+ posts deleted. The hackers claim that it is working on creating mirror sites for its content, as it has felt pressured and censored by US and Indian government agencies. It’s important to underline that there is presently no reason to believe that Symantec’s own servers have been breached. Instead, it appears that the data leak may have occurred on Indian government servers – and the implication is that Symantec, and perhaps other software companies, may have been required to supply their source code to the Indian authorities. Furthermore, it is not clear if the source code which was accessed is relevant to up-to-date installations of Symantec’s anti-virus products and thus customers may not be at risk. Even if it was up-to-date source code, it may be of limited use to hackers and be used more as a “trophy scalp” for a hacking group intending to generate publicity for its grievances with the Indian authorities. Chris Paden, a Symantec spokesperson, confirmed to InfoSec Island that some of the firm’s source code had been accessed:

"Symantec can confirm that a segment of its source code has been accessed. Symantec’s own network was not breached, but rather that of a third party entity." "We are still gathering information on the details and are not in a position to provide specifics on the third party involved." "Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec's solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time."

There are some other details in a statement Symantec has posted on Facebook: Statement posted by Symantec

"Symantec can confirm that a segment of its source code used in two of our older enterprise products has been accessed, one of which has been discontinued. The code involved is four and five years old. This does not affect Symantec's Norton products for our consumer customers. Symantec's own network was not breached, but rather that of a third party entity." "We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec's solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time." "However, Symantec is working to develop remediation process to ensure long-term protection for our customers' information. We will communicate that process once the steps have been finalized. Given the early stages of the investigation, we have no further details to disclose at this time but will provide updates as we confirm additional facts."

It’s hard not to feel sympathy for Symantec – who appear to have been caught in the crossfire between a hacking gang and the Indian authorities. Although Symantec customers may not be at risk, it’s easy to see how the software company will feel bruised by the publicity that the Lords of Dharmaraja have generated through their hack.

Advertisements
 
2 Comments

Posted by on January 11, 2012 in Information Security

 

Tags: , , , , ,

2 responses to “Someone help secure the security giant!

  1. Frankie Maha

    January 15, 2012 at 5:14 pm

    Hello Webmaster, I noticed that https://techsentry.wordpress.com/2012/01/11/someone-help-secure-the-security-giant/ is ranking pretty low on Google and has a low Google PageRank. Now the Google PageRank is how Google is able to see how relevant your webpage is compared to all the other webpages online, if you cannot rank high at the top of Google, then you will NOT get the traffic you need. Now usually trying to get to the top of Google costs hundreds if not thousands of dollars and very highly optimized targeted marketing campaigns that takes a team of experts months to achieve. However, we can show you how to get to the top of Google with no out of pocket expenses (free traffic), no stupid ninja tricks, no silly mind control techniques, and this will be all white hat with no blackhat software or tactics that could possibly land you on bad terms with Google and put you in the dreaded “Google Sandbox”. We’ll show you how to easily capture all the targeted traffic you need, for free, multiple ways to land fast (not months) first-page rankings in Google and other major search engines (Bing, Yahoo, Ask, etc), even show you strategies on how to earn daily commissions just try Ranking Top of Google, please check out our 5 minute video.

     
  2. bench jacken kinder

    January 16, 2012 at 3:59 am

    bench jacken damen schwarz
    Found your web site through Reddit. You already know I will be subscribing to your rss feed.

     

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: