Monday, January 9, 2012

Symantec Confirms Anonymous Took Product Source Code

crn.com

Symantec (NSDQ:SYMC) confirmed Friday that an India-based chapter of hacker collective Anonymous had accessed the network of an unidentified third party and had taken source code from two of its corporate security products.
The vendor said code samples provided Thursday to an online community of security professionals called Infosec Island were from two products: Symantec Endpoint Protection 11 and Symantec AntiVirus 10.2. The vendor supports the latter, but no longer sells it, while the former is currently on version 12.1. The code was four or five years old, according to Symantec.
"It would be very difficult to do anything with (the code), because it is so old," Symantec spokesman Cris Paden said.
Malware designed to take advantage of the code would only work on the older products. Therefore, hackers would have to find a company that had not updated its security software in years, an unlikely scenario. "They would have been annihilated a long time ago from cyber threats," Paden said.
Symantec claimed the theft did not indicate that source code in its current products could be taken. The software today is architected differently, so the techniques used to take code from the older products won't work, Paden said. "It's not possible that they would be able to access current-day code."

No comments: