Symantec Advises Disabling Remote PC Software After Code Theft
Security firm Symantec is advising customers of its pcAnywhere to deactivate the remote desk software after individuals from the Anonymous hacker group allegedly stole the source code of the software.
While the actual theft took place in 2006, Symantec only took the action this week to alert customers after an Anonymous-connected hacker located in India tweeted the release of the Norton Utilities source code on Jan. 13.
Symantec is advising users to not to activate the tool until a comprehensive fix is released. The company has already released a pcAnywhere Hot Fix, which takes care of a handful of issues that hackers could theoretically exploit with the stolen code. However, Symantec stated that this one fix will not patch all the issues related to the now-vulnerable encryption protocol in the software.
"Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits," wrote Christine Ewing, a Symantec groups project manager, in a blog post. "Additionally, customers that are not following general security best practices are susceptible to man-in-the-middle attacks which can reveal authentication and session information."
Speaking on the severity of this security breach, Alex Horan, product manager at Core Security, said that due to the nature of the pcAnywhere software, hackers that successfully exploit the code will have unrestricted access to a user's entire computer. " The goal of pcAnywhere is to allow a person to access and control another machine over the network/Internet," Ewing wrote, in a blog post. "If an attacker can determine a method by which they can take unauthorized and unauthenticated control of these machines they bypass all defensive layers, it is as though they walked into your building and sat down at your computer and simply started working."
Along with the source code for pcAnywhere, information for Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities and Norton GoBack were also taken in an apparent cyber theft. However, unlike pcAnywhere, which is still using the similar code stolen in 2006, the other products have gone through major overhauls since the builds from six years ago.
For enterprise users, Symantec is recommending blocking ports associated with the remote client: "Customers should block pcAnywhere assigned ports (5631, 5632) on Internet facing network connections, or shut off port forwarding of these ports," wrote Symantec, in a white paper. "Blocking these ports will help ensure that an outside entity will not have access to pcAnywhere through these ports, and will help ensure that the use of pcAnywhere remains within the confines of the corporate network."
A timetable for the release of a comprehensive fix was not given.