Symantec Corp said a 2006 breach led to the theft of the source code to its flagship Norton security software, reversing its previous position that it had not been hacked.
The world’s biggest maker of security software had previously said that hackers stole the code from a third party, but corrected that statement on Tuesday after an investigation found that Symantec’s own networks had been infiltrated.
The unknown hackers obtained the source code, or blueprint for its software, to Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere, Symantec spokesman Cris Paden said.
Last week, the hackers released the code to a 2006 version of Norton Utilities and have said they planned to release code to its antivirus software on Tuesday. It was not clear why the source code was being released six years after the theft.
Source code includes instructions written in computer programming languages as well as comments that engineers share to explain the design of their software. For example, a file released last week from the source code of a 2006 version of Norton Utilities included a comment that said “Make all changes in local entry, so we don’t screw up the real entry if we back up early.”
Companies typically heavily guard their source code, which is considered the crown jewels of most software makers. At some companies access is granted on an as-needed basis, with programmers allowed to view code only if it is related to the tasks they are assigned.
The reason for all the secrecy is that companies fear rivals could use the code to figure out the “secret sauce” behind their technology and that hackers could use it to plan attacks.
Paden said that the 2006 attack presented no threat to customers using the most recent versions of Symantec’s software.
“They are protected against any type of cyber attack that might materialize as a result of this code,” he said.
Yet Laura DiDio, an analyst with ITIC who helps companies evaluate security software, said that Symantec’s customers should be concerned about the potential for hackers to use the stolen source code to figure out how to defeat some of the protections in Symantec’s software.
“What we are seeing from Symantec is ‘Let’s put the best public face on this,’” she said. “Unless Symantec wrote all new code from scratch, there are going to be elements of source code in there that are still relevant today.”
Symantec said earlier this month that its own network had not been breached when the source code was taken. But Paden said on Tuesday that an investigation into the matter had revealed that the company’s networks had indeed been compromised.
“We really had to dig way back to find out that this was actually part of a source code theft,” he said. “We are still investigating exactly how it was stolen.”
Paden also said that customers of pcAnywhere, a program that facilitates remote access of PCs, may face “a slightly increased security risk” as a result of the exposure.
“Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information.”
Ryan: This is one of the reasons I had been telling people for years not to use Symantec programs. I knew they had been hacked because Viruses had been disabling out Norton on machines I had been fixing and I was seeing a big trend with this.
Source: Reuters / Yahoo! News

Heard of Netflix ? The ever growing popular online streaming service that charges you $9 a month to stream OLD movies and TV Shows.
Last summer, phone maker HTC raised eyebrows by
A well-known expert on mobile phone security says a vulnerability in a widely used wireless technology could allow hackers to gain remote control of phones, instructing them to send text messages or make calls.
Boxee has spoiled this post-Christmas week with a morsel of 
Samsung’s Galaxy Tab—a 7-in. slate I’ve been using daily for more than a year now—is also on the “won’t see Android 4.0″ list, says the Samsung Tomorrow blog. I can understand we’re looking at a smartphone and a tablet that made their debut in 2010, and there’s a limited shelf life for future updates on mobile devices. What I don’t understand, nor accept, is that the issue is Samsung’s user interface software. Even worse, I think Samsung is shooting itself in the foot. Here’s why.
Bad products, horrible software and no cohesive vision have seemingly turned Research In Motion into a company without motion at this point.
Microsoft’s range of Windows Phone devices suffer from a denial-of-service attack that allows attackers to disable the messaging functionality on a device.
On the cusp of an event for the Windows 8 app store, one research firm has dealt a painful blow to the forthcoming OS.
































