Symantec: Hackers did steal code, but it's old

By Dan Kaplan on Jan 9, 2012 8:33 AM
Filed under Software

Discontinued products.

Symantec has confirmed reports hackers compromised a portion of its source code, but claimed the stolen code is related to two enterprise security products that have been discontinued.

The code belonged to Endpoint Protection 11.0 and Antivirus 10.2, which are four and five years oldrespectively. Symantec's consumer security line, Norton, was not affected.

"Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec's solution," the company said in a Facebook update. "Furthermore, there are no indications that customer information has been impacted or exposed at this time."

Symantec said an unnamed third-party network, not its own, was breached.

Last Thursday a cyber gang named The Lords of Dharmaraja claimed in a Pastebin document to possess source code belonging to a dozen software companies. A second document contained a sneak peak of the Symantec source code and promised a complete exposure.

A spokesman for the anti-virus company originally denied that any of the documents revealed code, but the company has since confirmed one did include a segment of the programming language.

Experts said the age of the code will likely prevent misuse.

"In general, there isn't much hackers can learn from the code which they hadn't known before," director of security strategy at Imperva, Rob Rachwald, said. "Why? Most of the anti-virus product is based on attack signatures. By basing defenses on signatures, malware authors continuously write malware to evade signature detection. With code that is four to five years old, chances are the software product has changed quite a bit, making the code even less useful."

This article originally appeared at scmagazineus.com

 
Follow us on Facebook and Twitter
 

Copyright © SC Magazine, US edition

Symantec: Hackers did steal code, but it's old
 
 
 
 
 
Top Stories
Reseller pays $2.65m for telco specialist
Acquisition scene heats up as JCurve makes another buyout.
 
Kytec files for administration, new company set up
Driven by management buyout, says MD.
 
Dataflex reborn under new owners
Buyer aiming for $30m after second acquisition in six months.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Latest Comments
Polls
Are Chromebooks ready for the enterprise?

CRN Magazine

Issue: 326 | April 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.