Various media outlets are today carrying an AAP report of a survey that purports to show increased support for the NBN. Had these outlets dug a bit deeper they might have found that the story was somewhat different.
Following the 'liberation' of source code for the 2006 versions of many of its products, Symantec initially indicated that the latest versions were so different that there wasn't a problem. Perhaps that wasn't true of pcAnywhere.
It would appear that an Indian hacker managed to access the source code for the 2006 version of much of Symantec's product suite. Interestingly, it seems that the source of the breach was the Indian government.
This particular source probably isn't surprising as many software companies are expected to disclose their code to foreign governments in order to win business. Oddly, there is a level of distrust that such companies may have installed 'backdoors' at the instigation various US-based "men in low hats."
The surprise is that the government repository was so easily accessed.
Be that as it may, it is reasonable to assume that security software evolves at a relatively high rate, given the rapid evolution of the threats it is intended to deal with. And thus any similarity between the 2006 version and the current version would be cursory at best.
Except, it seems, when it comes to Symantec's remote-access software pcAnywhere.
Effective immediately, Symantec has advised all users of pcAnywhere to stop using the product until an updated version (which is clearly under urgent development) is available.
Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits. Additionally, customers that are not following general security best practices are susceptible to man-in-the-middle attacks which can reveal authentication and session information. General security best practices include endpoint, network, remote access, and physical security, as well as configuring pcAnywhere in a way that minimizes potential risks.
At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks. For customers that require pcAnywhere for business critical purposes, it is recommended that customers understand the current risks, ensure pcAnywhere 12.5 is installed, apply all relevant patches as they are released, and follow the general security best practices discussed herein.
One might have hoped that a properly built package would have been immune to source inspection, but it seems not to be true; suggesting that there are connection 'secrets' or other useful information enshrined in there.
With that in mind, perhaps the Indian government was on to something after all.
David Frost
| SYDNEY, Feb. 22, 2012—Silver Peak Systems, the leader in data centre class wide area network (WAN) optimisation, today continues to revoluti…
How to Make Business Discovery Work for Your Business
Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more
Try an easy-to-use set of web-enabled
tools for business-class productivity services. Office 365 provides
anywhere-access to email, important documents, contacts, and calendars
on almost any device.
LATEST HEADLINES FROM YOUR IT
