Tag Archives: Symantec

Symantec Code Leak – Oh..Oh…..

2012/01/06 1:40 amLeave a Comment

Symantec Code Leak

 

Rumor has it that hackers have obtained the source code for Symantec’s Norton AV. A posting on pastebin presented the file list and hackers are claiming that they also have the code itself. While the code is not yet out, hackers are saying that it is just a matter of time as they are considering how to best publish this information.

As a major DLP vendor, this is quite embarrassing on Symantec’s part. It’s reasonable to assume that the retrieval of such a list could be a result of the files residing on a test server which was mistakenly exposed, or a posting to FTP which unintentionally became public. It also seems, if you trust the hackers’ boasting, that the code was obtained from the Indian military. Many governments do require source code from vendors to prove the software isn’t spyware.

If the rumors turn out to be true, the implications of the anti-virus code leakage will not keep the Symantec folks awake too late at night, and certainly not their customers. After all, there isn’t much hackers can learn from the code which they hadn’t known before. Why? Most of the anti-virus product is based on attack signatures. By basing defenses on signatures, malware authors continuously write malware to evade signature detection (in 2007, antivirus could only detect between 20-30% of malware). We noted in our blog on the Black Hole Exploit that only 30% of AV would have been effective. Further, malware versions continuously evolve in such a rate where signatures cannot keep up with them in the first place. The workings of most of the anti-virus’ algorithms have also been studied already by hackers in order to write the malware that defeats them. A key benefit of having the source code could be in the hands of the competitors.

If the source code is recent and hackers find serious vulnerabilities, it could be possible to exploit the actual anti-virus program itself. But that is a big if and no one but Symantec knows what types of weaknesses hackers could find.

via Symantec Code Leak – Imperva Data Security Blog.

Post to Twitter

Posted in Security Related NewsTagged , , ,

Symantec confirms Reader exploits targeted defense companies through PDF!

2011/12/09 9:40 amLeave a Comment

Security researchers at Symantec today confirmed that exploits of an unpatched Adobe Reader vulnerability targeted defense contractors, among other businesses.

“We’ve seen [this targeting] people at telecommunications, manufacturing, computer hardware and chemical companies, as well as those in the defense sector,” said Joshua Talbot, senior security manager in Symantec’s security response group, in an interview Wednesday.

Symantec mined its global network of honeypots and security detectors — and located email messages with attached malicious PDF documents — to come to that conclusion.

The inclusion of defense contractors was not unexpected.

Read more: http://www.computerworld.com/s/article/9222496/Symantec_confirms_Reader_exploits_targeted_defense_companies

To check you PDF files u could use PDF X-RAY.

Post to Twitter

Posted in Security Related NewsTagged , ,
WordPress Appliance - Powered by TurnKey Linux