Symantec's pcAnywhere Source Code Published
Back in 2006 hackers managed to download source codes of Symantec software after successfully gaining access to Symantec's infrastructure. The hackers managed to obtain Norton Antivirus Corporate Edition, Norton Utilities, Norton GoBack, pcAnywhere and Norton Internet Security source codes during the operation.
The incident came to light only recently, when hackers started to upload code sneak peeks and information to the Internet.
Symantec by then asked users of pcAnywhere to stop using the software to analyze and mitigate any arising risks. Symantec later on released a security recommendations whitepaper that described possible risk scenarios.
- The encoding and encryption elements within pcAnywhere are vulnerable, making users susceptible to man-in-the-middle attacks, depending on the configuration and use of the product. If a man-in-the-middle attack should occur, the malicious user could steal session data or credentials.
- A secondary risk: If a malicious user obtains the cryptographic key, they can launch unauthorized remote control sessions and thus access systems and sensitive data.
- If the cryptographic key itself is using Active Directory credentials, it is also possible for attackers to perpetrate other malicious activities on the network.
- In an internal pcAnywhere environment, if a network sniffer was in place on a customer’s internal network and the attacker had access to the encryption details, the pcAnywhere traffic could be intercepted and decoded. This implies that a customer either has a malicious insider who planted the network sniffer or has an unknown Botnet operating in their environment. As always, security best practices are encouraged to mitigate this risk.
- Since pcAnywhere exchanges user login credentials, the risk exists that a network sniffer or Botnet could intercept this exchange of information, though it would still be difficult to actually interpret the data even if the pcAnywhere source code is released.
- For environments with remote users, this credential exchange introduces an additional level of exposure to external attacks.
These information where later removed from the whitepaper after a patch had been issued.
The hackers in the meantime have released email correspondence on PasteBin. Here it gets a bit blurry as both sides apparently tried to broker a deal that would prevent the source codes from being released to the public. According to Symantec, it was a sting operation from the very beginning. The hackers on the other hand stated that they tried to "humiliate them" further.
A torrent of the source code has since then been released on the popular Bittorrent indexing site The Piratebay where it quickly climbed into the top 5 seeded files of the Misc category.
The hackers have already announced that they will also release the Norton Antivirus source code.
Should Norton and Symantec customers be worried about the source code release? Symantec stated that user's who have upgraded the products to the latest version have nothing to worry about.
Advertisement
Sorry, there was a mistake in the Email address. no – but use a . instead
A bit late or even very late it is just 2021.
However, it seems nobody has checked into or posted the real reason for the “apparent” PcAnywhere hack.
In my opinion it was a planned move, to get rid off remote control software which would allow to by-pass the hurdles and mechanisms, which were intentionally implemented into all OSs and other software products, so preventing streaming from point to point from one continent to another.
PcAnywhere would have allowed to do that, and one could have PCs installed in any country and still have the privileges of the local accesses from anywhere in the world with the bandwidth from nowadays. That was a huge problem for the new industry controllers and goons, who rake in huge amounts of money and want and do sensor all produced content for any users.
This can be proven with an easy experiment, by trying to use PcAnyhwere in a local network after all updates were put in place by Microsoft and others. With bandwidths of 100mbits/s or even more, that code should run like a charm, but look what it does after you received all the shitty updates; it starts looping more and more until it is rendered worthless, hence it has been blocked intentionally.
Whoever has the source code, could be very problematic for the nowadays implemented restrictions put in place by the Beast System. It would be worth Millions in my opinion. Whoever reads this and has the code or knows how to obtain it, let me know? I assume it is not out there.