Symantec admits to more exposed code
Symantec has, according to a Reuters report, added Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere to the list of products it now believes have been exposed. Previously, Symantec had said that only its enterprise products Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 had been exposed. It has also revealed that the source code was taken following an infiltration of Symantec's own network, and not from a hack of an Indian military intelligence server as previously claimed.
"Yama Tough", the spokesperson for the Indian hacking group "Lords of Dharmaraja", tweeted on Monday that they had released the pcAnywhere code "to blackhat community for 0d expltin!" (zero-day exploitation). Symantec says that it is contacting pcAnywhere customers to make them aware of the situation and to "provide remediation steps to maintain the protection of their devices and information".
The company says it believes it the code was stolen in 2006 and the products appear to be the 2006 versions of the applications. It is unclear if the six-year-old source code will be of any particular use to potential attackers. Products may have been rewritten, but by the same token, may have retained the same underlying architecture and flaws. Even then, though, those flaws would have to be located in the code and exploits developed for them that work on more recent releases of the software.
That Symantec have had to revise their original estimates of what code had been exposed raises some doubts over how effective their own security and audit procedures are. The company points out that it "has instituted a number of policies and procedures to prevent a similar incident from occurring" though it is unclear if these policies will be any more effective.