Feeds

Symantec source code leak becomes torrent

'In the name of god! You are killing our CPUs'

Security for virtualized datacentres

Hacktivists once again poked fun at Symantec after previously leaked source code for Symantec's Norton Utilities 2006 software was made available as a torrent on Monday. Symantec downplayed the significance of the leak, saying it only involved obsolete code that had already been exposed.

AntiSec tacked a mocking note onto the release of a 52MB file, which was uploaded to The Pirate Bay and other torrent tracker sites on Monday. "Anyhow with this release is nothing really to prove, just stop making shitty software in the name of god! Your [sic] are only killing our CPU's! [sic]"

"Respect & greetings to @AnonymousIRC @Par_AnoIA."

Back in January, a hacking group calling itself The Lords Of Dharmaraja boasted about stealing the source code for Symantec's security products from Indian government systems.

The security giant initially blamed the leak of source code for older enterprise products on a breach at the network of an unnamed third party, before later admitting that the source code of pcAnywhere and consumer products had also been exposed. It also confessed that the leak was actually down to an earlier (previously undetected) breach of its own systems back in 2006.

It said source code for the 2006-era versions of the following products had been exposed: Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere.

Symantec took the highly unusual step in early February of advising customers of pcAnywhere to suspend use of the older versions of remote control desktop management software pending the release of a patch. Shortly after the patch became available, The Lords Of Dharmaraja leaked portions of pcAnywhere source code, together with an invitation for hackers everywhere to pour over the code in order to identify exploits against systems running Symantec's remote control software.

In a statement, Symantec said this week's release is tied to the earlier breach but is less significant than the pcAnywhere leak because it involves only obsolete code.

"Symantec is aware of the claims made online that a group has posted the source code for Norton Utilities 2006. We have analyzed the code that was posted and have concluded that it is the same code that was already posted by another group in January 2012.

As we stated at that time, the 2006 version of Norton Utilities is no longer sold or supported. The current version of Norton Utilities has been completely rebuilt and shares no common code with Norton Utilities 2006. The code that has been posted for the 2006 version poses no security threat to users of the current version of Norton Utilities. Furthermore, we have no indications that the posting of this old code impacts the functionality or security of any other Symantec or Norton solutions.

Independent security experts, such as Imperva, have described the Lords Of Dharmaraja hack and subsequent source code leak saga as more of a trophy scalp for hacktivists than a serious risk to Symantec's customers.

"The implications of the anti-virus code leakage will not keep the Symantec folks awake too late at night, and certainly not their customers," Rob Rachwald, director of security strategy at Imperva, wrote at the time. "After all, there isn’t much hackers can learn from the code which they hadn’t known before [because] most anti-virus product is based on attack signatures." ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.