News

Symantec Advises Disabling Remote PC Software After Code Theft

Security firm Symantec is advising customers of its pcAnywhere to deactivate the remote desk software after individuals from the Anonymous hacker group allegedly stole the source code of the software.

While the actual theft took place in 2006, Symantec only took the action this week to alert customers after an Anonymous-connected hacker located in India tweeted the release of the Norton Utilities source code on Jan. 13.

Symantec  is advising users to not to activate the tool until a comprehensive fix is released. The company has already released a pcAnywhere Hot Fix, which takes care of a handful of issues that hackers could theoretically exploit with the stolen code. However, Symantec stated that this one fix will not patch all the issues related to the now-vulnerable encryption protocol in the software.  

"Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits," wrote Christine Ewing, a Symantec groups project manager, in a blog post. "Additionally, customers that are not following general security best practices are susceptible to man-in-the-middle attacks which can reveal authentication and session information."       
Speaking on the severity of this security breach, Alex Horan, product manager at Core Security, said that due to the nature of the pcAnywhere software, hackers that successfully exploit the code will have unrestricted access to a user's entire computer. " The goal of pcAnywhere is to allow a person to access and control another machine over the network/Internet," Ewing wrote, in a blog post. "If an attacker can determine a method by which they can take unauthorized and unauthenticated control of these machines they bypass all defensive layers, it is as though they walked into your building and sat down at your computer and simply started working."

Along with the source code for pcAnywhere, information for Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities and Norton GoBack were also taken in an apparent cyber theft. However, unlike pcAnywhere, which is still using the similar code stolen in 2006, the other products have gone through major overhauls since the builds from six years ago.

For enterprise users, Symantec is recommending blocking ports associated with the remote client: "Customers should block pcAnywhere assigned ports (5631, 5632) on Internet facing network connections, or shut off port forwarding of these ports," wrote Symantec, in a white paper. "Blocking these ports will help ensure that an outside entity will not have access to pcAnywhere through these ports, and will help ensure that the use of pcAnywhere remains within the confines of the corporate network."

A timetable for the release of a comprehensive fix was not given.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Clarifies Project Cortex's Scope, IT Controls and Product Delivery in Q&A

    Microsoft recently offered a Q&A session on Project Cortex, its emerging "knowledge network" solution for Microsoft 365 users.

  • How To Use .CSV Files with PowerShell, Part 2

    In the second part of this series, Brien shows how to import a .CSV file into a PowerShell array, including two methods for zooming in on just the specific data you need and filtering out the rest.

  • Windows 10 Preview Adds Ability To Display Linux Distro Files

    Microsoft on Wednesday announced Windows 10 preview build 19603, which adds easier access to installed Linux distro files using Windows File Explorer.

  • Microsoft 365 Business To Get Azure Active Directory Premium P1 Perks

    Subscribers to Microsoft 365 Business (which is being renamed this month to "Microsoft 365 Business Premium") will be getting Azure Active Directory Premium P1 licensing at no additional cost.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.