The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home Network Security Viruses & Malware Cybercrime Security Solutions More Topics...
GET RECOGNIZED
Let an ISACA® certification elevate your career.
Register today and save
You are here: Home / CIO Issues / Symantec Softpedals Theft of Code
DDoS Protection Powered By Verisign
Symantec Softpedals Indian Source Code Theft
Symantec Softpedals Indian Source Code Theft
By Jennifer LeClaire / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JANUARY
06
2012


Symantec is working to soften the revelation that a segment of its source code for Norton products was stolen in a security breach. But is it enough to convince customers that Symantec is holding its security secrets tight to its chest?

An Indian hacking group is claiming that it got its hands on source code used in the Norton anti-virus program. Known as the Lords of Dharmaraja, the group is making threats to take the source code public, potentially giving a black eye to the security industry leader.

Yama Tough, a hacker in Mumbai, is serving as spokesman for the Lords of Dharmaraja. He claims the group obtained the source code from less-than-bulletproof Indian government servers.

Hackers Speak Out

"As of now we start sharing with all our brothers and followers information from the Indian Military Intelligence servers, so far we have discovered within the Indian Spy Programme source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI," the group said in a statement on its Google+ page.

"Now we release confidential documentation we encountered of Symantec corporation and its Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from U.S. and India government agencies."

Symantec Answers Back

Cris Paden, a senior manager for Symantec's corporate communications, said the drama began on Wednesday. That's when a local chapter of Anonymous from India claimed in an online forum they possessed source code for Symantec's Norton Antivirus solutions.

"Symantec's Information Security team investigated the claims and found that instead they possessed documentation from 1999 describing how Norton Antivirus worked, but no source code was included. Hence, the claim was false," Paden said.

However, he added, on Thursday morning, the same chapter announced they possessed additional code. Based on the samples they provided to the same online forum, Symantec's Information Security team investigated and confirmed they did indeed have code; but that it was 4 and 5 years old and pertained to two enterprise products, SEP 11, and SAV 10.2.

10 Million Updates Later

"While SAV 10.2 is still serviced by Symantec, it has been discontinued. SEP 11 has since evolved into SEP 12.0 and 12.1," Paden said. "This does not affect Symantec's Norton products for our consumer customers. Symantec's own network was not breached, but rather that of a third-party entity."

Symantec recommends users keep their product version updated to ensure protection against any new threats that might materialize as a result of this incident.

"Another thing to bear in mind: In 2010 alone, we distributed 10 million updates to our products in response to new cyber threats. If you extrapolate to four and five years, you can get an idea of how much our products/solutions/and code has evolved over the following years," Paden said. "It doesn't minimize the situation, but it helps as far as a perspective on how old this code is."

Tell Us What You Think
Comment:

Name:

Papa Rocks:

Posted: 2012-01-09 @ 8:55am PT
This is the first "complete" description of the incident I have read. While it is disturbing source code was gained from such a central security providor, it is neither shocking they were targetted or indicative of a huge exposure. It is very old code in security terms and seems to be a piece of code that by itself may be of limited or no risk. Orgs that are using current versions seem to be unaffected and those on these old or expired versions were at some risk being out of date anyway.

I would hope Symantec and others take a good hard look at restricting further who they share their code with, even old code.
Lesson Learned.

Lets see if this incident can help us find anonymous though. These nuts are going to hurt someone if they are not stopped

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY BE OF INTEREST
Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.
MORE IN CIO ISSUES
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Dairy Queen Latest Retailer To Report Hack
Known for its hot fries and soft-serve ice cream, Dairy Queen just made cyber history as the latest victim of a hack attack. The fast food chain said that customer data at some stores may be at risk.
 
Lessons from the JPMorgan Chase Cyberattack
JPMorgan Chase is investigating a likely cyberattack. The banking giant is cooperating with law enforcement, including the FBI, to understand what data hackers may have obtained.
 
Who Is the Hacker Group Lizard Squad?
Are they dangerous or just obnoxious? That’s what many are wondering about the hacker group Lizard Squad, which tweeted out a bomb threat that grounded a flight with a Sony exec aboard.
 

Enterprise Hardware Spotlight
Intel Intros Lightning-Fast PC Processors
Call it extreme. Intel just took the covers off its first-ever eight-core desktop processor, which is aimed at hardcore power users who expect more than the status quo from their computers.
 
HP Previews ProLiant Gen9 Data Center Servers
Because traditional data center and server architectures are “constraints” on businesses, HP is releasing new servers aimed at faster, simpler and more cost-effective delivery of computing services.
 
Apple Set To Release Largest iPad Ever
Tech giant Apple seems to have adopted the mantra “go big or go home.” The company is planning to introduce its largest iPad ever: a 12.9-inch behemoth that will dwarf its largest existing models.
 

Mobile Technology Spotlight
iWatch Watch: What Will Apple Ask Us To Wear?
There are still more questions than answers when it comes to details about the smart watch Apple seems poised to debut on Sept. 9. In fact, nobody seems completely sure that it will be a smart watch at all.
 
Samsung Maps Its Way with Nokia's 'Here' App for Galaxy Phones
Korean electronics giant Samsung has opted to license Here, Nokia’s mapping app -- formerly known as Nokia Maps -- for its Tizen-powered smart devices and Samsung Gear S wearable.
 
Google Successfully Tests Its Own Delivery Drone
While top technology companies are engaged in an "arms race" to develop drones that can quickly deliver goods to anyone anywhere, Google has revealed it successfully tested its own version.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Cybercrime | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.