The afternoon knows what the morning never suspected - Swedish proverb
|
|
|
Symantec warns about PCanywhere and Anonymous
SECURITY FIRM Symantec has issued an alert about its PCanywhere software, and warned enterprises to use it only for business critical purposes.
The firm has told users about a problem that might lead to remote code execution and recommended a hot fix.
"Symantec PCanywhere is susceptible to local file tampering elevation of privilege attempts and remote code execution attempts," is the official line from the firm.
"It is possible to run arbitrary code on a targeted system in the context of the application which is normally System."
A hot fix is available now and users are advised to fix the problem right away in order to avoid someone injecting a script into their computer and seizing control of it.
The remote code execution is enabled through the improper validation or filtering of external data input during login and authentication with Symantec PCanywhere host services on TCP port 5631, Symantec explained.
"Successful exploitation would require either gaining unauthorized network access or enticing an authorized network user to run malicious code against a targeted system. Results could be a crash of the application or possibly successful arbitrary code execution in the context of the application on the targeted system," it added.
The company did not say it, but it is possible that the vulnerability could present an opportunity to hackers that support the Anonymous group, which earlier claimed to have source code belonging to it.
In a statement called "Claims by Anonymous" that Symantec uses to hopefully dispel myths about the attacks, it said that PCanywhere users were at some increased risk after the theft.
"Our current analysis shows that all pcAnywhere 12.0, 12.1 and 12.5 customers are at increased risk, as well as customers using prior versions of the product," it said.
"Symantec recommends that customers follow general security best practices, as well as configuring pcAnywhere in a way that minimizes potential risks. Symantec also recommends that customers only use pcAnywhere for business critical purposes."
Anonymousabu, one of the more vocal of those associated with Anonymous, greeted the news with grim humour. "They're upset we reverse engineered their client to bypass authentication and are taking over corp pcanywhere servers," he said. "LOL." µ
Share this:
Share
Two wrongs don't make a right. If you think some corporate CEO is a criminal and you can prove it, then contact authorities with your proof. I'm for hanging all criminals be they pirates or CEOs. It will help reduce over population. I hope Bill Gates is the first CEO to be hung and Paul Otellini the second.
And the less white-collar criminals they prosecute, the worst it is for the rest of the nation. Get your head out of your a**. I don't see the FBI going after those corporate scumbags for the millions of dollars in damages they are responsibly for, on a yearly basis. Wipe the Earth dry of its resources, all in the interest of money. Hell yeah! Sheep mother*****
The more hackers they prosecute the better.
Be careful out there.
http://bit.ly/dI3hcF