Symantec Breach: Vulnerability Victims

Monday, January 23, 2012 @ 01:01 PM gHale


With Symantec admitting last week hackers stole the code to the company’s antivirus software six years ago, details are emerging that show who and what is vulnerable.

Right now it seems Symantec’s former federal customers and current remote access users could be working with vulnerable software.

RELATED STORIES
Symantec Source Code Stolen in ‘06
Motivated Hacker Always Gets In
Steel Giant Hacked; Info Leaked
Symantec: Hackers got Some Code
Hackers Claim Symantec Code

Earlier this month hackers some of Symantec’s source code and planned to release more.

After days of wrangling over the issue, the maker of the leading computer security products said intruders obtained the source code for Norton Antivirus Corporate Edition, which government agencies used. Of the compromised offerings, only pcAnywhere, not suited for organization wide use, is still on the market. The tool allows one computer to remotely control another computer.

The Defense and Veterans Affairs departments have solicited pcAnywhere products, according to the government procurement website FedBizOpps.gov. Defense, Veterans Affairs, Commerce, Homeland Security and State departments, along with the General Services Administration, all have purchased Symantec items since January 2006.

Symantec said attackers breached the company’s networks, while earlier this month the company maintained hackers stole the code from a third party.

Current customers, including federal agencies and private companies, are no longer using the affected corporate edition because the company no longer sells it or supports it, said Symantec spokesman Cris Paden. “No enterprise would be using an antivirus solution that can’t be updated and hasn’t been updated in years,” he said.

Paden said Symantec has contacted users of pcAnywhere to instruct them on necessary precautions. The directions include installing “endpoint security” that protects points along a network accessed by remote devices. In addition, companies should set password retry limits to block users who surpass a certain number of login attempts and require users to create strong passwords.

All users, except those on pcAnywhere, are safe if they are using current versions of Symantec products, Paden said. “They don’t need to upgrade or change software. Just make sure it’s updated, which it will be particularly if the auto-update function is turned on,” he added.

The other products targeted in 2006 include Norton SystemWorks, which the company discontinued, and Norton Internet Security, which the company rewrote in 2009, he said.



Leave a Reply

You must be logged in to post a comment.