We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Symantec advises disabling pcAnywhere software
custardy
Posts: 38,365 Forumite
in Techie Stuff
http://www.bbc.co.uk/news/technology-16740153
Security firm Symantec has warned customers to stop using its pcAnywhere software.
The company confirmed that "old" source code stolen by a hacking group had exposed vulnerabilities in the remote access program.
An advisory note on Symantec's website explained how to minimise risks for customers who used pcAnywhere for "business-critical purposes".
Other software from the company is not at a heightened risk, Symantec said.
In its website note, the company said it recommended "disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks".
'Man in the middle'
"Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits," it added.
It said the vulnerability left pcAnywhere users exposed to "man in the middle" attacks - a security hole which puts data at risk of being intercepted.
An attacker could potentially gain remote control of a company's network and access sensitive information.
A Symantec spokesman said that fewer than 50,000 people used the standalone version of pcAnywhere - although the software was also bundled as part of other security packages.
It suggested that corporate customers who used pcAnywhere for business-critical activity should "understand the current risks" and "apply all relevant patches as they are released, and follow the general security best practices".
Blueprints
News of the source code theft emerged earlier this year after hacking group Lords of Dharmaraja - believed to be based in India - threatened to post it online.
Symantec initially said there was no risk to users as the stolen code was six years old, advising simply to make sure the most recent version of the products had been downloaded.
But the updated advice said the stolen material had included blueprints for Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks (Norton Utilities and Norton GoBack) and pcAnywhere.
Of those products, only pcAnywhere is said to be at "increased risk", and users of the other software packages should not be concerned.
"The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialise as a result of this incident," the company reiterated on its website.
0
Comments
-
Errr hang on Symantec. Wouldn't code reviewers at the company who created the software in the first place have the ability to do that? You know, the ones who were supposed to check the code you wrote?Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits
Instead it's only taken a few weeks since this code was pinched for someone to find this vulnerability.
Dumasses
0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.7K Banking & Borrowing
- 253.4K Reduce Debt & Boost Income
- 454K Spending & Discounts
- 244.7K Work, Benefits & Business
- 600.2K Mortgages, Homes & Bills
- 177.3K Life & Family
- 258.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards