Symantec Tells Customers To Stop Using pcAnywhere

Orome1 writes "In a perhaps not wholly unexpected move, Symantec has advised the customers of its pcAnywhere remote control application to stop using it until patches for a slew of vulnerabilities are issued. If the attackers place a network sniffer on a customer's internal network and have access to the encryption details, the pcAnywhere traffic — including exchanged user login credentials — could be intercepted and decoded. If the attackers get their hands on the cryptographic key they can launch remote control sessions and, thus, access to systems and sensitive data. If the cryptographic key itself is using Active Directory credentials, they can also carry out other malicious activities on the network."

Come on

[jayhawk88]

If the attackers place a network sniffer on a customer's internal network...

You've got a hell of a lot bigger problems than pcAnywhere.

Re:Come on

[cduffy]

If the attackers place a network sniffer on a customer's internal network...

You've got a hell of a lot bigger problems than pcAnywhere.

Au contraire -- if your infrastructure isn't robust against this class of attack (all internal traffic authenticated and encrypted, particularly during password exchange), you're Doing It Wrong.

Moreover, the concept of "defense in depth" applies -- a hard outer shell with a soft inner core means that when the eventual successful attack does happen (and it will!), the damage is that much worse. You can't have decent security if you design all the internal components assuming that the outer layer will protect them.

Security through obscurity?

[Sockatume]

What the story doesn't mention is that the pcAnywhere source was nicked. It sounds like Symantec was aware of the weaknesses, and chose not to act until the source was stolen and the security weaknesses became public.

http://www.channelregister.co.uk/2012/01/18/symantec_leak_latest/