A week after telling users to disable pcAnywhere, Symantec says the remote computing software is now safe to use, with a few caveats. First, the app must be upgraded to version 12.5, and a critical software patch applied to plug the hole.
In a statement posted to its website, Symantec says that it had patched all versions of the software back to 12.0. A patch for 12.0 and 12.1 was released on January 27, following a patch that was released for 12.5 on January 25.
It's not often that a developer tells you outright not to use its software, but that is exactly what Symantec is forced to do in light of the theft of source code. Last month, hacktivist group Anonymous bragged that it had possession of code that powers several applications, including Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks and pcAnywhere.
Symantec says the code theft originally occurred in 2006. While at first security experts believed the theft to only be a black eye for the company's reputation, it now appears that the incident is far more serious. Symantec recommends users of pcAnywhere stop using the software immediately until there is a solution to address any security concerns.
"The Site is under maintenance. Please expect it to be back shortly". That's the message I found at Universal Music moments ago. The US Justice Department site isn't accessible at all. You can thank hacktivist group Anonymous, which claims responsibility for these and other SOPA blackouts today in response to the Feds shutting down Megaupload.
There's a certain irony to this evening's attacks. Yesterday, tens of thousands of sites supported a voluntary blackout protesting two bills snaking through Congress -- Stop Online Piracy (SOPA) and PIPA (PROTECT IP Act). Anonymous' attacks, presumably denial-of-service, blacked out sites that either support the legislation or would be responsible for enforcing it. We've gone from voluntary blackout protests yesterday to involuntary ones today. As I write, Recording Industry Association of America is down, too.
This week’s high-profile hack of the US Chamber of Commerce underscores the inadequacy of today’s security policies and technologies. With the holidays quickly approaching and IT staffs stepping away from offices to spend time with family and friends, we face increased vulnerabilities and security threats. We should be more vigilant than ever, reflecting on national security policies and how we can better protect our sensitive data.
Stories like this continue to point to the fact that we need a broad, across-the-board approach. We need to collaborate and inform when breaches take place. We need diplomatic support to reduce the desire or economic benefit to steal. It is time to have a Y2K approach to cyber protection. That means investment and support from the top down.
The United Nations finds itself resecuring its network Wednesday following a hack that resulted in the login details of the employees of several divisions being posted to the Internet. Calling itself TeaMp0isoN, the group calls the UN "a Senate for global corruption" that "sits to facilitate the introduction of a New World Order and a One World Government".
TeaMp0isoN hacked accounts belonging to employees of the United Nations Development Programme (UNDP), the Organisation for Economic Co-operation and Development (OECD), UNICEF and the World Health Organization (WHO), among others. Some of the fault for the hack may lie with the users themselves: TeaMp0isoN notes that several of the user IDs contained no password at all.
Sony's PlayStation Network is once again the target of hackers as Sony disclosed late Tuesday that it had disabled some 93,000 PSN and Sony Online Entertainment accounts. According to the company these accounts had been "tested" by hackers, although a majority of the login attempts failed.
The data was said to be obtained from "one or more compromised lists from other companies, sites or other sources," although chief information security officer Phillip Reitinger said it was likely that the data did not come from Sony itself.
The hacker who breached the DigiNotar certificate authority has come out, or at least claimed to. He appears to be the same hacker who breached Comodo, another CA, several months ago. (Hat tip to F-Secure.) "COMODOHACKER" seems to have a problem with the Dutch government.
He claims to have gotten past numerous sophisticated protections in DigiNotar's systems, the details of which he will divulge later, and that he retains inside access to four other "high-profile" CAs and can still issue rogue certificates from them. He also claims that the password for the PRODUCTION\Administrator account (the domain administrator of the certificate network) is "Pr0d@dm1n".
Hackers have again disclosed the personal details of police officers, this time in response to BART's decision to cut off cell phone and Wi-Fi service in its metro stations and tunnels to quell a planned anti-police protest. The decision by hacktivist group Anonymous again calls its motives into question, and could put these police officers at risk.
Data disclosed includes names, home addresses, email addresses and passwords to the site of the BART police union; 102 officers in total had their information disclosed, and the hack has taken the organization's website offline.
A British judge released Jake Davis -- more commonly known as "Topiary" -- on bail Monday; however, he has been banned from using the Internet as a condition of his release. Davis was apprehended last Wednesday by the Metropolitan Police as part of a larger effort against LulzSec and Anonymous.
Topiary originally served as the mouthpiece for the LulzSec hacktivist group, but following its disbandment continued his work for Anonymous. He famously taunted police following the arrests of more than a dozen suspected members of the hacktivist group by claiming "you cannot arrest an idea."
As the law enforcement crackdown against hacktivist groups Anonymous and LulzSec continued, British law enforcement on Wednesday announced the apprehension of "Topiary," a 19-year-old man from the Shetland Islands north of Scotland who has served as the spokesperson for the group.
Police were said to still be searching the residence where the individual was apprehended, as well as talking to a 17-year-old in the municipality of Lincolnshire in east central England in connection with the arrest. The person had not been charged or arrested.
Hackers with the group Anonymous claimed Thursday that they had hacked into the servers of the North Atlantic Treaty Organization (NATO). However, the group wouldn't release much of the gigabyte of information it stole because doing so would be "irresponsible," seemingly indicating some of the data may be sensitive to security interests.
"Yes, #NATO was breached. And we have lots of restricted material," the group tweeted over its @AnonymousIRC account. "In the next days, wait for interesting data :)"
Anonymous and LulzSec issued a joint statement Wednesday, firing back at FBI director Steve Chabinsky over his comments to NPR that Tuesday's arrests of 14 hackers associated with the groups were meant to send a message that "chaos on the Internet is unacceptable." The response strikes a markedly political tone.
Posted to Pastebin, the statement accuses governments of lying to their citizens and "dismantling their freedom piece by piece," governments conspiring with corporations and wasting taxpayer money, and lobbyists having too much control over day-to-day business "and corrupt them enough so the status quo will never change."
At least a dozen individuals were arrested early Tuesday as the FBI expanded its investigation into the hacking group Anonymous. In conjunction with these arrests, raids were carried out in three homes -- two in Long Island, N.Y. and the other in Brooklyn, N.Y. -- as well as locations in California.
The FBI was not commenting on the raids directly but sources told Fox News that the raids were related to the federal government's widening probe of the activities of Anonymous. Arrests were made in California, Florida, and New Jersey. Charges against the detained individuals were not specified.
Responding to Google's ban of +YourAnonNews on new social network Google+, "hacktivist" group Anonymous and Presstorm Media began discussing the possibility of a new social network called AnonPlus (or Anon+).
"This project is not overnight and will take many of those out there who simply want a better internet," the site's landing page says. "We will not be stopped by those looking to troll or those willing to stop the spreading of the truth. One thing i would like to point out that this project is for ALL people not just anonymous, this idea is a presstorm idea and only takes the name anon because of the Anonymity of the social network."
Black hat security group Anonymous has exposed 90,000 military email addresses stored on servers from consulting firm and U.S. government contractor Booz Allen Hamilton. The hacker group said the breach was done to expose the corruption of government and related corporate entities.
Booz Allen Hamilton deals with all branches of the armed services as well as the defense and intelligence communities of the U.S. Government. It claims to provide, among other things, "strategy and technology solutions that help deter 21st century threats and meet complex mission requirements."