Newsletters
The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Please click for more information, or scroll down to pass the ad, or Close Ad.
Home Network Security Viruses & Malware Hackers Security Solutions More Topics...
Eliminate costly downtime!
Find out how with Free White Paper
& enter to win a Samsung Galaxy Note

www.apc.com
CIO Issues
Fiercely productive scanners
Average Rating:
Rate this article:  
Symantec Softpedals Indian Source Code Theft
Symantec Softpedals Indian Source Code Theft

By Jennifer LeClaire
January 6, 2012 2:46PM

Bookmark and Share
"In 2010 alone, we distributed 10 million updates to our products in response to new cyber threats, said Cris Paden, Symantec spokesman. "If you extrapolate to four and five years, you can get an idea of how much our products/solutions/and code has evolved over the following years. It doesn't minimize the situation, but it helps."
 


Symantec is working to soften the revelation that a segment of its source code for Norton products was stolen in a security breach. But is it enough to convince customers that Symantec is holding its security secrets tight to its chest?

An Indian hacking group is claiming that it got its hands on source code used in the Norton anti-virus program. Known as the Lords of Dharmaraja, the group is making threats to take the source code public, potentially giving a black eye to the security industry leader.

Yama Tough, a hacker in Mumbai, is serving as spokesman for the Lords of Dharmaraja. He claims the group obtained the source code from less-than-bulletproof Indian government servers.

Hackers Speak Out

"As of now we start sharing with all our brothers and followers information from the Indian Military Intelligence servers, so far we have discovered within the Indian Spy Programme source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI," the group said in a statement on its Google+ page.

"Now we release confidential documentation we encountered of Symantec corporation and its Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from U.S. and India government agencies."

Symantec Answers Back

Cris Paden, a senior manager for Symantec's corporate communications, said the drama began on Wednesday. That's when a local chapter of Anonymous from India claimed in an online forum they possessed source code for Symantec's Norton Antivirus solutions.

"Symantec's Information Security team investigated the claims and found that instead they possessed documentation from 1999 describing how Norton Antivirus worked, but no source code was included. Hence, the claim was false," Paden said.

However, he added, on Thursday morning, the same chapter announced they possessed additional code. Based on the samples they provided to the same online forum, Symantec's Information Security team investigated and confirmed they did indeed have code; but that it was 4 and 5 years old and pertained to two enterprise products, SEP 11, and SAV 10.2.

10 Million Updates Later

"While SAV 10.2 is still serviced by Symantec, it has been discontinued. SEP 11 has since evolved into SEP 12.0 and 12.1," Paden said. "This does not affect Symantec's Norton products for our consumer customers. Symantec's own network was not breached, but rather that of a third-party entity."

Symantec recommends users keep their product version updated to ensure protection against any new threats that might materialize as a result of this incident.

"Another thing to bear in mind: In 2010 alone, we distributed 10 million updates to our products in response to new cyber threats. If you extrapolate to four and five years, you can get an idea of how much our products/solutions/and code has evolved over the following years," Paden said. "It doesn't minimize the situation, but it helps as far as a perspective on how old this code is."
 

Tell Us What You Think
Comment:

Name:

Papa Rocks:

Posted: 2012-01-09 @ 8:55am PT
This is the first "complete" description of the incident I have read. While it is disturbing source code was gained from such a central security providor, it is neither shocking they were targetted or indicative of a huge exposure. It is very old code in security terms and seems to be a piece of code that by itself may be of limited or no risk. Orgs that are using current versions seem to be unaffected and those on these old or expired versions were at some risk being out of date anyway.

I would hope Symantec and others take a good hard look at restricting further who they share their code with, even old code.
Lesson Learned.

Lets see if this incident can help us find anonymous though. These nuts are going to hurt someone if they are not stopped



APC has an established a reputation for solid products that virtually pay for themselves upon installation. Who has time to spend worrying about system downtime? APC makes it easy for you to focus on business growth instead of business downtime with reliable data center systems and IT solutions. Learn more here.


 CIO Issues
1.   OpenSSL Calls for More Support
2.   Heartbleed Flaw Affects Hardware
3.   Is a Web Site Safe from Heartbleed?
4.   States Probing Massive Data Breach
5.   AWS Launches Cost Explorer Utility


advertisement
Internet Devices Lure Hackers
Mundane devices end up in online crime.
Average Rating:
Heartbleed Flaw Affects Hardware
Cisco, Juniper equipment vulnerable.
Average Rating:
States Probing Massive Data Breach
Credit giant Experian in the hot seat.
Average Rating:


advertisement
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Google's Street View Software Unravels CAPTCHAs
The latest software Google uses for its Street View cars to read street numbers in images for Google Maps works so well that it also solves CAPTCHAs, those puzzles designed to defeat bots.
 
Canadian Teen Arrested for Heartbleed Hack
One week after the OpenSSL Heartbleed vulnerability was unveiled, Canadian authorities have made the first arrest -- a London, Ontario teenager -- connected to exploiting the security hole.
 
IBM Offers Security, Disaster Recovery as SoftLayer Service
New disaster recovery and security services for SoftLayer clients are being added by IBM. Big Blue said the new capabilities will speed cloud adoption by alleviating concern over business continuity.
 

Enterprise Hardware Spotlight
Vaio Fit 11A Battery Danger Forces Recall by Sony
Using a Sony Vaio Fit 11A laptop? It's time to send it back to Sony. In fact, Sony is encouraging people to stop using the laptop after several reports of its Panasonic battery overheating.
 
Continued Drop in Global PC Shipments Slows
Worldwide shipments of PCs fell during the first three months of the year, but the global slump in PC demand may be easing, with a considerable slowdown from last year's drops.
 
Google Glass Finds a Home in Medical Education, Practice
Google Glass may find its first markets in verticals in which hands-free access to data is a boon. Medicine is among the most prominent of those, as seen in a number of Glass experiments under way.
 

Mobile Technology Spotlight
Google Releases Chrome Remote Desktop App for Android
You're out on a sales call, and use your Android mobile device to grab a file you have back at the office on your desktop. That's a bit easier now with Google's Chrome Remote Desktop app for Android.
 
Amazon 3D Smartphone Pics Leaked
E-commerce giant Amazon is reportedly set to launch a smartphone after years of development. Photos of the phone, which may feature a unique 3D interface, were leaked by tech pub BGR.
 
Zebra Tech Buys Motorola Enterprise for $3.45B
Weeks after Lenovo bought Motorola Mobility’s assets from Google for $2.91 billion, Zebra Technologies is throwing down $3.45 billion for Motorola’s Enterprise business in an all-cash deal.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Hackers | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.