Symantec: disable pcAnywhere until fully patched
- 27 January, 2012 08:00
- Comments
Symantec on Tuesday took the dramatic step of advising customers of its secure communications product pcAnywhere to disable it, confirming that a 2006 data breach in which hackers stole its source code had led to a heightened risk of a successful attack.
The move follows ongoing taunts by Anonymous-aligned hacker under the Twitter handle, YamaTough, who claimed on 16 January that pcAnywhere's source code had been released to the blackhat hacking community for "0d" (zero day) exploiting.
Symantec's whitepaper addressing the threat of the disclosure clarified that products exposed in the 2006 breach included that year's versions of Norton Antivirus Corporate Edition, Norton Internet Security and Norton SystemWorks.
However, the the only product at present that puts customers at increased risk is pcAnwhere, a standalone PC to PC communications product that currently supports 50,000 customers, Symantec told Reuters. However, it is also bundled with several Altiris enterprise products while pcAnywhere Thin Host is bundled with a number of its backup and security products.
"At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks," it said in its whitepaper.
It appears that some of those patches came Tuesday in the form of version 12.5.3, addressing three known flaws for versions in the 12.5.x bracket, which it believed had not been exploited yet.
However, more patches were planned for the week until it addresses all known flaws, including those for 12.0 and 12.1, Symantec reported on its blog.
Still, anyone that has the source the code remains a potential threat, it reported in its whitepaper, meaning they could exploit the product's encoding and encryption, leaving customer data and potentially credentials exposed to theft, depending on the network's configuration and whether or not other malicious software, such as a network sniffer, was operating in the environment.
- Bookmark this page
- Share this article
- Got more on this story? Email TechWorld
- Follow TechWorld on twitter
- EMC 15-Minute Guide to Smarter Backup Transform your future
- Get the Whole Picture Why Most Organizations Miss User Response Monitoring—and What to Do About It
- Data Center Physical Infrastructure: Optimising Business Value
- Oracle Exadata Database Machine Warehouse Architectural Comparisons
- Collaborative software delivery: Managing today’s complex environment to improve software quality
-
CSIRO develops hands-free technology for mining repairs
-
Broadband Forum to improve IPTV performance with new spec
-
Amazon Web Services moves backups to cloud with new appliance
-
Callforfree.net.au offers free calls to 70 countries
-
Intel ponders solar-powered CPU tech in graphics, memory
Comments
Post new comment