All the latest UK technology news, reviews and analysis
|
|
|
06 Jan 2012
Security vendor Symantec has admitted that a "segment" of its source code has been compromised after hackers claimed to have gained access to the information by attacking Indian military servers using its products.
A post on Pastebin, which has been removed but remains in the form of a Google cache, claims that the information relates to Symantec's Norton AntiVirus software and will be released online in the near future.
The security company said it was working to identify how the information had been accessed. However, it said the code in question was only used in "two older enterprise products", one of which is now discontinued, while the code itself was "four or five years old".
"We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication the code disclosure impacts the functionality or security of Symantec's solutions," the company said.
"This does not affect Symantec's Norton products for our consumer customers. Symantec's own network was not breached, but rather that of a third-party entity."
Symantec added that it did not believe any customer information was at risk, but it was still investigating the possibility.
Despite the embarrassing aspect of the theft, security firm Imperva agreed that it was unlikely to concern those at Symantec too much.
"There isn't much hackers can learn from the code, which they hadn't known before," Imperva said.
"Most of the anti-virus product is based on attack signatures. By basing defences on signatures, malware authors continuously write malware to evade signature detection.
"Furthermore, malware versions continuously evolve in such a rate where signatures cannot keep up with them in the first place. The workings of most of the anti-virus algorithms have also been studied already by hackers in order to write the malware that defeats them."
The firm added that the theft could well have occurred from an attack on the Indian military, explaining that governments often demand access to the original source code of products to ensure they are not spyware.
Latest stories from Security
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
V3 examines the key strengths and weaknesses of Samsung's latest iPhone killer
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
Java Deveoper/Programmer/Software Engineer, Algo Trading...
Austin Fraser has the pleasure of appointing a number...
Austin Fraser has the pleasure of appointing a Java Developer...
Austin Fraser has the pleasure of appointing a Senior...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
No source code compromised
Just to clarifiy, your statement that source code has been leaked is not true. It was only a document which explained how the product worked, and did not include any source code.
Posted by: derchris 06 Jan 2012