Symantec Confirms Norton AV Source Code Exposed
Friday, January 06, 2012
Infosec Island was provided with a file by an unidentified hacker going by the handle YamaTough which after preliminary analysis appeared to contain source code for the 2006 version of Symantec's Norton antivirus product.
Infosec Island provided Symantec with the file for analysis, which has now been completed.
Cris Paden, Sr. Manager for Corporate Communications at Symantec emailed Infosec Island editors with the following statement concerning the exposure of source code for the company's Norton antivirus product:
"Symantec can confirm that a segment of its source code has been accessed. Symantec’s own network was not breached, but rather that of a third party entity."
"We are still gathering information on the details and are not in a position to provide specifics on the third party involved."
"Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time."
"However, Symantec is working to develop remediation process to ensure long-term protection for our customers’ information. We will communicate that process once the steps have been finalized."
"Given the early stages of the investigation, we have no further details to disclose at this time but will provide updates as we confirm additional facts."
Though the code is for an older version of the Norton antivirus product, the impact of the exposure is still as of yet undetermined, and several questions remain:
- As the file provided to Infosec Island and passed on to Symantec was merely a sample of the material YamTough claimed to be in possession of, does that mean that code for more recent editions have not been compromised as well?
- What was the "third party" - presumably some entity related to the Indian government - doing in possession of the source code for the Symantec product?
- How much information would source code from 2006 provide to malware authors assuming that the entire product has not been reinvented from scratch since the time this code was produced?
Symantec officials have indicated they will be providing more information as they continue their investigation, and certainly more will be known if the entirety of the compromised data YamaTough claims to be in possession of is finally released to the public as has been threatened.
Stay tuned for more as this story develops into what could be one of the biggest data loss events of 2012, and just less than one week into the new year.
Previous coverage:
- https://www.infosecisland.com/blogview/19200-Symantec-Confirms-Source-Norton-AV-Code-Exposed.html
- https://www.infosecisland.com/blogview/19182-Update-3-Hackers-May-Leak-Norton-Antivirus-Source-Code.html
fonte: infosecisland
Nenhum comentário:
Postar um comentário
Obrigado pelo seu comentário, sua opinião é muito importante para que possamos estar avaliando os textos