Pcanywhere Customers At Risk!

[ritchie58]

Symantec is urging customers to disable PCAnywhere until it issues a software update to protect them against attacks that could result from the theft of the product's source code.

 

Someone broke into Symantec's network in 2006 and stole source code for PCAnywhere, which allows customers to remotely connect to other computers, as well as Norton Antivirus Corporate Edition, Norton Internet Security and Norton SystemWorks, the company said last week. Earlier this month, hackers in India affiliated with the Anonymous online activist group said they had gotten the code off servers run by Indian military intelligence.

 

Hackers have threatened to use the pilfered code to attack companies using it and then release the code publicly. The affected products have been updated since 2007 so there is no risk to customers, except for PCAnywhere, Symantec said.

 

"Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits," the company said in a white paper (PDF) offering security recommendations for PCAnywhere customers released this week. "Additionally, customers that are not following general security best practices are susceptible to man-in-the-middle attacks which can reveal authentication and session information.

 

"At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks," the paper said. Customers who rely on it for business critical purposes should install version 12.5 and apply relevant patches.

 

PCAnywhere 12.0, 12.1, and 12.5 customers are at increased risk, as well as customers with prior, unsupported versions of the product, according to Symantec.

 

"There are also secondary risks associated with this situation. If the malicious user obtains the cryptographic key they have the capability to launch unauthorized remote control sessions. This in turn allows them access to systems and sensitive data," the white paper warns. "If the cryptographic key itself is using Active Directory credentials, it is also possible for them to perpetrate other malicious activities on the network."

 

Update 3:31 p.m. PT: Separately, Symantec released a hotfix for several critical vulnerabilities in PCAnywhere on Tuesday, but said it did not know of any publicly available exploits.

 

 

Originally posted at InSecurity Complex by Elinor Mills

 

[bacic]

I haven't heard about PCanywhere in a ve-he-he-ry long while, I am surprised that someone took the time to actually hack it, but then again maybe I don't keep up with everything as much as I like to think I do. Speaking of PCanywhere though, has anyone heard about Audials Anywhere? There have been rumors going on about it lately and I couldn't help but notice the resemblance between these 2. I'd be curious to find out what this Audials Anywhere actually does, but everything I could find on the internet was related to Audials software..and not too much about the actual "Anywhere" part.

[Pedersen]

Just a small roundup about this topic:

http://www.zdnet.com.au/pcanywhere-code-never-changed-analyst-339332062.htm

 

An analysis of Symantec's leaked source code for PCAnywhere has revealed that the code has remained largely unchanged for the past 10 years, and that it could be turned into a back-door application.