Symantec Code Stolen - pcAnywhere at risk (and possibly AV as well)

[menotu]

Since Symantec admitted they'd been breached and some code was stolen there have been numerous reports especially about pcAnywhere...........

Symantec pcAnywhere is susceptible to local file tampering elevation of privilege attempts and  remote code execution attempts. It is possible to  run arbitrary code on a targeted system in the context of the application which is normally System.

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00

Doing a quick web search will bring up numerous articles

Plus

http://www.pclinuxos.com/forum/index.php/topic,101514.msg865991.html#msg865991

[parnote]

Ah, Windows ... as secure as a screen door in a hurricane.

If folks would just stop using that trash OS, and switch to Linux, there would be no need for software companies like Symantec or McAfee or any of the other peddlers of anti-virus, anti-malware, anti-spyware, or anti-any-ware.

Most of my friends and family who use Windows know how I feel (if you insist on using Windows, you're on your own), and I won't fix their virus-ridden computers. By fixing their computers, I enable them to stay with a broken OS that can't be made secure.

[djohnston]

By fixing their computers, I enable them to stay with a broken OS that can't be made secure.

+1

[Waldo22]

Ah, Windows ... as secure as a screen door in a hurricane.

If folks would just stop using that trash OS, and switch to Linux, there would be no need for software companies like Symantec or McAfee or any of the other peddlers of anti-virus, anti-malware, anti-spyware, or anti-any-ware.

Most of my friends and family who use Windows know how I feel (if you insist on using Windows, you're on your own), and I won't fix their virus-ridden computers. By fixing their computers, I enable them to stay with a broken OS that can't be made secure.

An excellent suggestion!  I have been a dummy for taking on all these tasks for friends!  New policy: No Linux, No fix.  I like it!

[catlord17]

By fixing their computers, I enable them to stay with a broken OS that can't be made secure.

+1

+1

"No linux, no help" is my policy for a long time... and it's added a decade or more to my lifespan!

[menotu]

Andy Greenberg - 7-Feb-2012 (Forbes)

As Hackers Leak Symantec's Source Code, Firm Says Cops Set Up Extortion Sting Operation

Source code from the antivirus firm Symantec has been held hostage for the last month in a tense negotiation between the Anonymous hackers who stole that code and law enforcement agents who impersonated Symantec execs to set up a sting operation aimed at tracking down the data thieves. Now it seems the negotiations are over, and the hostage is dead. (       )

Hackers associated with the group Anonymous known as the Lords of Dharamaja leaked what appears to be another 1.27 gigabytes of source code from Symantec Monday night, what they claim is the source code of the Symantec program PCAnywhere. The leak comes as little surprise: Symantec had previously revealed that the hackers had obtained 2006 versions of that code along with other Symantec products from the same time period, and warned users of PCAnywhere to disable its functionality until they patched the program earlier this month.

More interesting is another release from the same hackers: An email chain that shows what appears to be a Symantec staffer offering the hackers $50,000 to not release the code and to publicly state that they didn’t possess it. “We can pay you $2,500 per month for the first three months,” the email from someone at Symantec named Sam Thomas reads. “In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated).   Once that’s done, we will pay the rest of the $50,000 to your account and you can take it all out at once.  That should solve your problem.”

..........................

“Anonymous has been talking to law enforcement, not to us,” Paden says. “No money was exchanged, and there was never going to be any money exchanged. It was all an effort to gather information for the investigation.”


Full article

[oldlobo]

ear, ear lol