Remember the sensational theft of the source code of the Symantec products occurred in the last weeks? On that occasion the company, with impeccable timing, immediately took the distance from the event claiming that its customers could remain calm because the souce code stolen were older and in any case the data breanch was not affected enterprise systems but the network of Indian Government that possesed the codes through an agreement with the company.
The news of course is one of those sensational, one of the leading players in the field of computer security may have been mocked by a group of Indian hackers, of course, until there isn’t a direct fallout on the end user every event remains confined to the web without some discussion lead to further problems.
Immediately, the situation was complicated, on the web some rumors indicated that the source code, even dating back to 2006, had been stolen directly from Symantec’s network, aggravating the position of the company.
Why in fact the company had declared the false, and no one has asked why the Indian government that was accused of being mocked has not publicly denied the Symantec.
Another disturbing fact absurd a management point of view of the event is the media claiming that the customers there would be no impact and instead the Reuters news agency yesterday announced that the Symanec asked to its users to disable its pcAnywhere software.
The situation is obviously serious and maybe hide other truths. Like me, you’re probably wondering which truths, but I can only venture a few hypotheses.
Let’s return then the announcement made yesterday by Symantec, most direct acknowledgement to date that the stolen source code put customers at risk of attack, that is why the company has requested to uninstall PcAnywhere, a software present in many Symantec bundle used manage remote access connection.
The decision was taken, however, only after the announcement that an attacker named YamaTough released the source code of PC software and Norton Utilities and he after he have threatened to publish widely used anti-virus programs. The company has published a white paper that indicates the situation is more serious.
“At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks,” it said in the white paper. (bit.ly/wPzX7v).
“The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident,” it said on its website. (bit.ly/wqtxTI)
I conclude by raising serious doubts about the way in which Symantec is managing the event, a series of contradictory announcements that tend to hide the truth to the customer. Therefore what has already been exposed and what are the consequences for those who have used its products. A company likes Symantec should handle the matter in quite another way, no doubt giving greater transparency about the events.
Better the silence that lies.