Symantec to Customers: Turn Off the Software!
Software companies have a simple goal -- get us to use their software! When it comes to pcAnywhere, Symantec has the opposite tack -- please don't use my software!
It seems that hackers stole the pcAnywhere source code, giving them the keys to the attack kingdom. Talk about open borders.
This is all pretty shocking but what really makes my hair stand on end is the fact that the code was stolen nearly six years ago. Only now is Symantec telling customers to deactivate the remote control software while it works on a fix.
The essential nature of the software makes attacks, to my mind, especially troublesome. After all, what is the top form of attack? Remote code execution. What does pcAnywhere do? Remotely control PCs. Double whammy!
Why did Symantec wait so long? Apparently it was hoping nothing untoward would be done with its source code, and so far no attacks are traced to the theft. However, the hacker group Anonymous is now making noise about the code, which has raised alarm bells.
Does this all scare the liver out of you, and how, as a vendor, would you handle it? Thoughts and conclusions welcome at firstname.lastname@example.org.
Posted by Doug Barney on 01/27/2012 at 1:19 PM