Sometimes the past can come back to bite you. That?s exactly what is happening to Symantec right now. The company is dealing with a security issue related to a source code leak that took place in 2006.
The breach, which was not fully disclosed until January of this year, included the source code of Norton Antivirus Corporate Edition, Norton Internet Security and Norton SystemWorks. These, however, have been changed significantly since the leak. Symantec pcAnywhere has had fewer revisions, and so remains vulnerable.
Remote control of a vulnerable computer is the main concern. A hacker with access to the source code could use it to launch unauthorized remote sessions against the software, resulting in potential data theft.
Symantec claims that it did not know at the time of the breach that source code had been taken. The issue came to public light only when a hacker group posted it to the web. It was then jumped on by Anonymous. One member publicly tweeted All your NU+PCAnywhere base are belong to us.
The solution? For now, the only guaranteed solution is to stop using the software entirely. A hotfix has been released, but Symantec is continuing to investigate and plans to release several more patches. Companies that can’t afford to disable pcAnywhere are advised to practice best security practices until all issues are resolved – a nice way of saying that they’ll simply have to be patient and wait.