Newsletters
The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home Network Security Viruses & Malware Cybercrime Security Solutions More Topics...
Eliminate costly downtime!
Find out how with Free White Paper
& enter to win a Samsung Galaxy Note

www.apc.com
Digital Life
24/7/365 Network Uptime!
Average Rating:
Rate this article:  
Symantec Softpedals Indian Source Code Theft
Symantec Softpedals Indian Source Code Theft

By Jennifer LeClaire
January 6, 2012 2:46PM

Bookmark and Share
"In 2010 alone, we distributed 10 million updates to our products in response to new cyber threats, said Cris Paden, Symantec spokesman. "If you extrapolate to four and five years, you can get an idea of how much our products/solutions/and code has evolved over the following years. It doesn't minimize the situation, but it helps."
 


Symantec is working to soften the revelation that a segment of its source code for Norton products was stolen in a security breach. But is it enough to convince customers that Symantec is holding its security secrets tight to its chest?

An Indian hacking group is claiming that it got its hands on source code used in the Norton anti-virus program. Known as the Lords of Dharmaraja, the group is making threats to take the source code public, potentially giving a black eye to the security industry leader.

Yama Tough, a hacker in Mumbai, is serving as spokesman for the Lords of Dharmaraja. He claims the group obtained the source code from less-than-bulletproof Indian government servers.

Hackers Speak Out

"As of now we start sharing with all our brothers and followers information from the Indian Military Intelligence servers, so far we have discovered within the Indian Spy Programme source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI," the group said in a statement on its Google+ page.

"Now we release confidential documentation we encountered of Symantec corporation and its Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from U.S. and India government agencies."

Symantec Answers Back

Cris Paden, a senior manager for Symantec's corporate communications, said the drama began on Wednesday. That's when a local chapter of Anonymous from India claimed in an online forum they possessed source code for Symantec's Norton Antivirus solutions.

"Symantec's Information Security team investigated the claims and found that instead they possessed documentation from 1999 describing how Norton Antivirus worked, but no source code was included. Hence, the claim was false," Paden said.

However, he added, on Thursday morning, the same chapter announced they possessed additional code. Based on the samples they provided to the same online forum, Symantec's Information Security team investigated and confirmed they did indeed have code; but that it was 4 and 5 years old and pertained to two enterprise products, SEP 11, and SAV 10.2.

10 Million Updates Later

"While SAV 10.2 is still serviced by Symantec, it has been discontinued. SEP 11 has since evolved into SEP 12.0 and 12.1," Paden said. "This does not affect Symantec's Norton products for our consumer customers. Symantec's own network was not breached, but rather that of a third-party entity."

Symantec recommends users keep their product version updated to ensure protection against any new threats that might materialize as a result of this incident.

"Another thing to bear in mind: In 2010 alone, we distributed 10 million updates to our products in response to new cyber threats. If you extrapolate to four and five years, you can get an idea of how much our products/solutions/and code has evolved over the following years," Paden said. "It doesn't minimize the situation, but it helps as far as a perspective on how old this code is."
 

Tell Us What You Think
Comment:

Name:

Papa Rocks:

Posted: 2012-01-09 @ 8:55am PT
This is the first "complete" description of the incident I have read. While it is disturbing source code was gained from such a central security providor, it is neither shocking they were targetted or indicative of a huge exposure. It is very old code in security terms and seems to be a piece of code that by itself may be of limited or no risk. Orgs that are using current versions seem to be unaffected and those on these old or expired versions were at some risk being out of date anyway.

I would hope Symantec and others take a good hard look at restricting further who they share their code with, even old code.
Lesson Learned.

Lets see if this incident can help us find anonymous though. These nuts are going to hurt someone if they are not stopped



APC has an established a reputation for solid products that virtually pay for themselves upon installation. Who has time to spend worrying about system downtime? APC makes it easy for you to focus on business growth instead of business downtime with reliable data center systems and IT solutions. Learn more here.


 Digital Life
1.   Hangouts Now More Biz Friendly
2.   Virgin Mobile Offers Custom Plans
3.   Asana Revamps Mobile App
4.   FTC Wants Fix for Mobile Cramming
5.   Facebook To Force Use of Messenger


advertisement
Android 'Fake ID' Puts Millions at Risk
Users: stick to apps from Google Play.
Average Rating:
OkCupid Experiments with Daters
Unethical without user consent?
Average Rating:
Apple Digital Book Settlement Set
But company still appealing decision.
Average Rating:


advertisement
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
IBM Beefs Up Identity Intelligence Security Solutions
Big Blue is betting big on identity intelligence. IBM just acquired a private firm with security software to govern user access to apps and data across cloud and on-premise environments.
 
Tor Internet Privacy Service Warns Users It Was Breached
You may never have heard of the Tor Project, but the Internet privacy service is making headlines. Tor’s devs say users might be victims of an attack launched against the project earlier this year.
 
Canadian Government Charges China with Cyberattack
The government of Canada is not happy with China. Canadian officials have accused "a highly sophisticated Chinese state-sponsored actor" of launching a cyberattack on its National Research Council.
 

Enterprise Hardware Spotlight
AMD's ARM-Based Opteron Out in $3K Dev Kit
It's dubbed "Seattle" and it's AMD's first 64-bit ARM-based Opteron processor. The low-power chip is being released as part of AMD’s Opteron A1100-series developer kit, and aimed at high-end data center needs.
 
Apple Updates MacBook Pros, Cuts Prices Up to $100
The popular MacBook Pro laptop line just got an update and a price cut of as much as $100. The MacBook Pro with Retina display now includes faster processors and double the memory.
 
Dell, BlackBerry Not Sweating Apple-IBM Alliance
IBM's recent move to partner with Apple to sell iPhones and iPads loaded with corporate applications has excited investors in both companies, but two rivals say they are unperturbed for now.
 

Mobile Technology Spotlight
Virgin Mobile Offers Custom Smartphone Plans
As the wireless carrier wars continue heating up, Virgin Mobile just threw the customization coal onto the fire. The firm has debuted a no-annual-contract plan with rates based on individual use.
 
Collaboration Provider Asana Revamps Mobile App
Asana, a collaboration software provider started by a Facebook founder, is now out with a rebuilt native iOS mobile app. It replaces one that even the company admits was not up to par.
 
FTC Wants Fix for 'Perfect Scam' of Mobile Cramming
The U.S. Federal Trade Commission has issued new guidelines to curb “mobile cramming,” a troublesome practice that adds unauthorized third-party charges to mobile phone bills.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Cybercrime | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.