Symantec's pcAnywhere Source Code Published - gHacks Tech News

Symantec's pcAnywhere Source Code Published

Back in 2006 hackers managed to download source codes of Symantec software after successfully gaining access to Symantec's infrastructure. The hackers managed to obtain Norton Antivirus Corporate Edition, Norton Utilities, Norton GoBack, pcAnywhere and Norton Internet Security source codes during the operation.

The incident came to light only recently, when hackers started to upload code sneak peeks and information to the Internet.

Symantec by then asked users of pcAnywhere to stop using the software to analyze and mitigate any arising risks. Symantec later on released a security recommendations whitepaper that described possible risk scenarios.

  • The encoding and encryption elements within pcAnywhere are vulnerable, making users susceptible to man-in-the-middle attacks, depending on the configuration and use of the product. If a man-in-the-middle attack should occur, the malicious user could steal session data or credentials.
  • A secondary risk: If a malicious user obtains the cryptographic key, they can launch unauthorized remote control sessions and thus access systems and sensitive data.
  • If the cryptographic key itself is using Active Directory credentials, it is also possible for attackers to perpetrate other malicious activities on the network.
  • In an internal pcAnywhere environment, if a network sniffer was in place on a customer’s internal network and the attacker had access to the encryption details, the pcAnywhere traffic could be intercepted and decoded. This implies that a customer either has a malicious insider who planted the network sniffer or has an unknown Botnet operating in their environment. As always, security best practices are encouraged to mitigate this risk.
  • Since pcAnywhere exchanges user login credentials, the risk exists that a network sniffer or Botnet could intercept this exchange of information, though it would still be difficult to actually interpret the data even if the pcAnywhere source code is released.
  • For environments with remote users, this credential exchange introduces an additional level of exposure to external attacks.

These information where later removed from the whitepaper after a patch had been issued.

The hackers in the meantime have released email correspondence on PasteBin. Here it gets a bit blurry as both sides apparently tried to broker a deal that would prevent the source codes from being released to the public. According to Symantec, it was a sting operation from the very beginning. The hackers on the other hand stated that they tried to "humiliate them" further.

A torrent of the source code has since then been released on the popular Bittorrent indexing site The Piratebay where it quickly climbed into the top 5 seeded files of the Misc category.

symantec pc anywhere source code

The hackers have already announced that they will also release the Norton Antivirus source code.

Should Norton and Symantec customers be worried about the source code release? Symantec stated that user's who have upgraded the products to the latest version have nothing to worry about.

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

    Leave a Reply

    Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

    Please note that your comment may not appear immediately after you post it.