Symantec: For now disable pcAnywhere

Home > Mobile > Microsoft Announces Tenth Android Deal With Manufacturers > Twitter Redesigns for Better Navigation > Automakers Show That Texting and Driving Can Mix > Social Media as Time Machine > Bobsled Messaging for Android Comes to T-Mobile USA > Some Thoughts on Lotusphere and the New Communications Paradigm > Google Explores Ways to a Faster Internet > Twitter To Censor Content in Select Countries > 2012 Brings 1st Super Bowl Command Center > Microsoft Gears Up For Cloud Management Launch > Lotusphere: IBM Targets Social Analytics Applications > New York Attracts $4.4 Billion Consortium Chip Investment > Overtime Pay for Responding to Email after Hours? > SOASTA Offers Smart Mobile App Testing Via the Cloud > Jerry Yahoo, Co-Founder of Yahoo Steps Away > Apple Opens Supplier Factory Doors to Monitors > Virtustream to Leverage Excess Capacity With Enomaly Buy > Symantec: For now disable pcAnywhere

Print This Page

Send to a Friend

Author: John Duckgeischel on January 26, 2012 - 8:02 AM

Symantec says that the pcAnywhere product is vulnerable to the Anonymous hackers group and is taking the unprecedented step of recommending that product owners unplug or disable the software while security bug fixes are developed. The pcAnywhere software is popular with users that want remote access to their desktop computer while they are on the road. "This is the first time I have seen a company of Symantec's scale tell their customers to stop using a shipping product, especially one that many users depend on for remote access," stated HD Moore, chief technology officer of Rapid7. It seems that source code leaks are a major source of concern. First there was a pcAnywhere source code leak in 2006 and then last week Symantec admitted that its network experienced a breach in 2006 and that a segment of its source code had been accessed. "It's certainly a new precedent for a security breach," commented Andrew Storms, director of security operations at nCircle Security. "Talk about dirty laundry getting aired."

Symantec advice was to the point. "At this time, Symantec recommends disabling the product until we release a final set of software updates that resolve currently known vulnerability risks," according to a statement on Wednesday. In a post in early January by “Yama Tough” who claims to be part of a group of hackers called "Lords of Dharmaraja" published stolen information and stated plans to distribute pcAnywhere source code to other hackers including the Anonymous hackers. "The encoding and encryption elements within pcAnywhere are vulnerable," said Symantec in a report published this week. "It is possible that successful man-in-the-middle attacks may occur depending on the configuration and use of the product. If a man-in-the-middle attack should occur, the malicious user could steal session data or credentials." Symantec commented that pcAnywhere traffic can by identified by hackers that could possibly plant a Trojan-based bot on a PC.