Fanning the flames that fired me
|
|
|
Symantec admits its servers were hacked
SECURITY VENDOR Symantec has admitted that its servers were successfully hacked and Norton antivirus and other software source code was stolen.
At the beginning of this month the firm acknowledged that some of its source code was obtained from a third party but said that would not affect Norton antivirus users. However, it now admits that an attack in 2006 obtained source code for other software, which could put its customers at risk.
The investigation was prompted by hackers threatening to release source code this week. However, the threat was not fulfilled yesterday as had been promised earlier by Yama Tough, a hacker associated with Anonymous and The Lords of Dharmaraja.
At that point Symantec maintained that the source code related only to an old version of Norton Utilities and that it posed no threat. It said it had "no indications that the code disclosure impacts the functionality or security of any of Symantec's other solutions".
However the firm has now said in a statement, "Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006."
It said the source code relates to the 2006 editions of Norton Antivirus Corporate Edition, Norton Internet Security, Norton Systemworks and PCanywhere.
"Due to the age of the exposed source code, except as specifically noted below, Symantec customers - including those running Norton products - should not be in any increased danger of cyber attacks resulting from this incident," it added.
While some users might be okay, Symantec said that PCanywhere users could be at increased risk as a result of the issue "if they do not follow general best practices". Symantec is contacting PCanywhere customers to make them aware and provide protection for their devices and information.
Symantec concluded its statement by saying, "Since 2006, Symantec has instituted a number of policies and procedures to prevent a similar incident from occurring." µ
Tags: Security
Share this:
Share
Only a fool would run a security firm and not release pertinent data regarding a security breach in order to inform the customers at risk.
The hack was more recently not in 2006. This seems like a non story as the code isn't used for anything but PCAnywhere.
But, I don't think it was obsolete back in 2006 when attack actually occurred though.
Only a fool would be using 2006 anti-virus software.