Anti-virus giant Symantec says it did not know back in 2006 that source code for its software was stolen when it experienced a breach at that time.
The company surprised the public last week when it disclosed that hackers had obtained source code for its pcAnywhere software and other products, and that the code had likely been stolen in a six-year-old breach that Symantec had never disclosed.
Symantec said in its announcement that users should disable pcAnywhere until the company had time to update the software to ensure that hackers are unable to exploit holes they might find in the code.
The pcAnywhere software is a popular remote access program that lets administrators get into computers to troubleshoot and also allows mobile users on the road to access content on their office desktop. It’s also installed on point-of-access terminals in stores and restaurants to allow administrators to update software that’s used to process the information on credit and debit cards as they’re scanned at a register check-out.
What was unclear from Symantec’s disclosure, however, was just how long Symantec had known its source code had been breached. The statement left open the question of whether Symantec knew in 2006 that its source code was taken and only disclosed it this month after hackers claimed to have it.
But Symantec spokesman Cris Paden told Threat Level that the company did not know before this month that the pcAnywhere source code had been stolen.
“We knew there was an incident in 2006,” he told Threat Level. “But it was inconclusive at the time as to whether or not actual code was taken or that someone had actual code in their hands.”
Following the public claim of hackers earlier this month that they had source code for pcAnywhere and other Norton Utilities, Paden said the company went back through its logs and records and “put 2 and 2 together that there was a source code theft.”
Asked to clarify that the company indeed maintained six-year-old server logs that it could go back and examine, Paden said, “We keep logs as far back, as long as we have had software to keep logs.”
http://www.wired.com/threatlevel/2012/01/symantec-source-code-hack
If I'm a pcANYWHERE user (which would be hard to believe in this day and age) my question to Symantec would be this - who has had access to my information and for how long?
So much for an exhaustive investigation after the theft SIX YEARS AGO.
0 comments:
Post a Comment