Many travelers use pcAnywhere to get access to other computers.

There was a security breach (in 2006, believe it or not) and the code has clearly been compromised.

Other products such as LogMeIn are not impacted by this.

If you use pcAnywhere, both Symantec (the maker of pcAnywhere) and I would strongly advise that you immediately switch to another program.

FWIW; the security breach wasn't in 2006 - the code recently stolen was claimed to be FROM 2006 and applies to the xxx 2006 versions of the programs.

At first Symantec tried to brush it off, but yesterday they changed their tone. To me, losing your source code as a security company is probably one of the worst things you could ever do.

A great understatement - I would characterize it as THE worst.

On their website they are now saying the code was taken in 2006. It's good it only took them five or six years to notice, though they state they have teken steps since then to prevent it from happening again, so I bet they did know, but did not tell anybody they were exposed:

January 26, 2012, 12:50 PST

Symantec can confirm that a segment of its source code has been accessed. Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006. Since 2006, Symantec has instituted a number of policies and procedures to prevent a similar incident from occurring.

Furthermore, there are no indications that customer information has been impacted or exposed at this time.

The rest of the release is here

http://www.symantec.com/theme.jsp?th...us-code-claims

For a company that's business is doom and gloom, one would think they would have been all over this and not waited all this time for another group to announce there was an issue.

I strongly disagree.

There's nothing inherently insecure about source code being publicly available.

The problem is that attackers now have visibility into the poor coding skills ofSymantec and are now able to craft new attacks. Had the source code been available all along, things like this wouldn't really be an issue. Symantec is probably aware of existing vulnerabilities that they didn't take the time to fix, but now might be obvious to a skilled coder. Bad, bad, bad.

Plenty of security software is open source, and available for all to see. See: SSH, OpenSSL, and GPG. OpenSSL powers many many many many web sites (e.g., Google, Amazon, and others). It's what encrypts your credit card data for these sites, and it's source code is available to everyone.

The Linux OS is available open source, and when critical vulnerabilities are found, they are fixed...in minutes or hours, not weeks or months like it takes Microsoft and Apple. Or I guess not at all by Symantec.

When a program is open source, then of course you are right. But when a program is not open source, companies do (as you point out) have fewer incentives to deal with bad code and vulnerabilities so they let things slide.

The open source community would fix things in hours sometimes versus years at non OS organizations.


The problem is that Symantec lost control of its source code in 2006, didn't tell anyone, didn't address the vulnerabilities, and now has egg on its face (to put it mildly).

A source at Symantec (a colleague spoke to someone) confirmed the breach was in 2006 and an article by a colleague of mine reflects that.

WOW - now they can't even get that story straight. The initial story was that hackers stole code, but nobody should worry, because the code was from 2006. And now they claim the hack is six years old...

Ouch.

This is why I made the reporter go beyond the printed statement and speak to someone so we have a trail in our reportage.

Is there an emoticon for "mouth agape"?

To me, this one does it:

Exactly. To me this is a clear indication that they can't do security. Flaws from that far back are still an issue???

In the news again today for new releases

Tue Feb 7, 2012 6:25pm EST
* Code for pcAnywhere published

* Symantec says customers safe

* More releases expected

By Joseph Menn and Frank Jack Daniel

Feb 7 (Reuters) - A hacker released the source code for antivirus firm Symantec's pcAnywhere utility on Tuesday, raising fears that others could find security holes in the product and attempt takeovers of customer computers.

The release followed failed email negotiations over a $50,000 payout to the hacker calling himself YamaTough to destroy the code.

The email thread was published on Monday, but the hacker and the company said their participation had been a ruse. YamaTough said he was always going to publish the code, while Symantec said law enforcement had been directing its side of the talks.

http://www.reuters.com/article/2012/...8D77TN20120207

I am not very familiar with pcAnywhere but I know my brother was using it a while ago..The name reminds me of Audials Anywhere though. I suppose the have something to do with file sharing?