|
|
Thursday, January 19, 2012
|
Symantec Confirms Hackers Accessed Its Source Code
|
|
You are sending an email that contains the article
and a private message for your recipient(s). |
| Your Name: |
|
| Your e-mail: |
* Required! |
| Recipient (e-mail): |
* |
| Subject: |
* |
| Introductory Message: |
|
HTML/Text
(Photo: Yes/No) |
(At the moment, only Text is allowed...)
|
| |
|
| Message Text: |
Symantec has confirmed that a segment of its source code has been accessed by hackers.
Upon investigation of the claims made by 'Anonymous' hackers regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006.
Symantec said that there were no indications that its customer information had been impacted or exposed at this time.
According to Symantec's inverstigations so far, the theft is limited to the code for the 2006 versions of Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere 12.0, 12.1 and 12.5.
Symantec Endpoint Protection (SEP) 11.0 and Symantec AntiVirus 10.2 inherited a very small amount of exposed code, Symantec added.
The company says that the exposed code is so old that current out-of the-box security settings will suffice against any possible threats that might materialize as a result of this incident.
Symantec's analysis showed that due to the age of the exposed source code - except for that of pcAnywhere - Symantec and Norton customers should not be in any increased danger of cyber attacks resulting from this incident. However, all pcAnywhere 12.0, 12.1 and 12.5 users are at an increased risk.
Symantec suggests users to make sure their AV definitions are up to date, upgrade their software to the latest maintenance version and also to upgrade to the latest version of Symantec Endpoint Protection, which is SEP 12.1 RU1
Organization using the pcAnywhere software should have an endpoint protection technology installed that is current and up-to-date. Corporate firewalls should not allow inbound or outbound access to pcAnywhere without using VPN tunnels. Unauthorized individuals should not be permitted on company property. Additionally, companies should employ best practices when it comes to the configuration of pcAnywhere (e.g. Password strength, password retry limits, requiring the user to approve remote connections.) |
|
|
|
|