Symantec is urging customers to disable PCAnywhere until it issues a software update to protect them against attacks that could result from the theft of the product’s source code.
Someone broke into Symantec’s network in 2006 and stole source code for PCAnywhere, which allows customers to remotely connect to other computers, as well as Norton Antivirus Corporate Edition, Norton Internet Security and Norton SystemWorks, the company said last week. Earlier this month, hackers in India affiliated with the Anonymous online activist group said they had gotten the code off servers run by Indian military intelligence.
Hackers have threatened to use the pilfered code to attack companies using it and then release the code publicly. The affected products have been updated since 2007 so there is no risk to customers, except for PCAnywhere, Symantec said.
“Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits,” the company said in a white paper (PDF) offering security recommendations for PCAnywhere customers released this week. “Additionally, customers that are not following general security best practices are susceptible to man-in-the-middle attacks which can reveal authentication and session information. Read More