Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Security News

Symantec Looks Into Claims of Stolen Source Code 116

Posted by samzenpus from the all-your-code-are-belong-to-us dept.
wiredmikey writes "A group of hackers claim to have stolen source code for Symantec's Norton Antivirus software. The group is operating under the name Dharmaraja, and claims it found the data after compromising Indian military intelligence servers. So far it's unclear if the claims are a significant threat, as the information posted thus far by the hackers includes a document dated April 28, 1999, that Symantec describes as defining the application programming interface (API) for the virus Definition Generation Service. However, a second post entitled 'Norton AV source code file list' includes a list of file names reputedly contained within Norton AntiVirus source code package. Symantec said it is still in the process of analyzing the data in the second post." Update: 01/06 07:05 GMT by S : In a post to their Facebook page, Symantec has now said some of their source code was indeed accessed, but it was four or five years old.
This discussion has been archived. No new comments can be posted.

Symantec Looks Into Claims of Stolen Source Code More

Symantec Looks Into Claims of Stolen Source Code

Comments Filter:

  • Symantec released a more up to date statement... (Score:5, Informative)

    by Anonymous Coward on Friday January 06, 2012 @01:35AM (#38606922)

    ...on Facebook (yeah, I dunno). http://www.facebook.com/Symantec/posts/10150465997682876

    Symantec can confirm that a segment of its source code used in two of our older enterprise products has been accessed, one of which has been discontinued. The code involved is four and five years old. This does not affect Symantec’s Norton products for our consumer customers. Symantec’s own network was not breached, but rather that of a third party entity. We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time. However, Symantec is working to develop remediation process to ensure long-term protection for our customers’ information. We will communicate that process once the steps have been finalized. Given the early stages of the investigation, we have no further details to disclose at this time but will provide updates as we confirm additional facts

  • Re:Why does the Indian military have the source??? (Score:5, Informative)

    by nmb3000 ( 741169 ) on Friday January 06, 2012 @02:58AM (#38607282) Journal

    Wow, so the Indian military works with major US vendors like Norton to spy on their own people (and I assume other countries people since it will be the same source????)

    I assume they have the source code so they can insert extra bits and dispatch spyware the next time Norton auto-updates?

    You get an auto-update, they get a spyware app into your PC. Is that it?
    I don't think the scandal here is that the source code was stolen, it is a scandal that Norton cooperates will military spyware!!

    Wow, +4 already? The tinfoils must be up and about today.

    Believe it or not, most major software vendors have licenses and policies in place (e.g., Microsoft [microsoft.com]) to allow sensitive institutions (governments, defense contractors, etc) access to their source code. The primary reason is actually the opposite of what you say. Customers such as the Indian government want to be able to see what's actually in the code before they agree to buy and install it on their own systems and network.

    Think of it as the 1% always getting to run open-source software because they have the clout to demand it (and under strict a NDA).

    Occupy Microsoft!

  • Re:Why does the Indian military have the source??? (Score:5, Informative)

    by rgbrenner ( 317308 ) on Friday January 06, 2012 @03:03AM (#38607296)

    Wow... so many assumptions in one post.

    Don't you think the Indian military needs anti-virus software? Don't you think they would need to examine the source code before running software from an American company on potentially sensitive systems? And don't you think Symantec would give it to them to secure the contract?

  • Actually, they probably want to audit the code for backdoors and other security vulnerabilities before deploying the software on their systems. A whole bunch of governments got snookered when Cryto AG [wikipedia.org] sold closed-source encryption software with a backdoor that allowed the US government to easily break their communications. In particular, the NSA was rumored to have backdoored Crypto AG systems since the fifties, allowing the US government to spy on communications from such warm and fuzzy countries as Iran.

  • A little perspective (Score:2, Informative)

    by Anonymous Coward on Friday January 06, 2012 @07:03AM (#38608114)

    A lot of Symantec haters out there. Funny

    Lets put some things in to perspective here.

    1. Norton is a consumer product. SEP is the enterprise product - Two very different products with very different code and both have been re-written a couple of years ago. (Works a lot better than before and is less "bloated")
    2. I would very much doubt that a government defense organization would be purchasing a consumer product like Norton.
    3. The segments of code found are from SAV (last rolled out apporximatley 5 years ago and does not exist anymore ) and SEP 11 (released 4 years ago and is no longer sold as SEP 12.1 is the current version and this was re-written to include new technology)

Slashdot Top Deals

Living on Earth may be expensive, but it includes an annual free trip around the Sun.

Close