Dailydave mailing list archives
Symantec AV source compromised and the questions it raises
From: William Arbaugh <warbaugh () gmail com>
Date: Fri, 6 Jan 2012 15:54:48 -0500
Security Week ran a story that Symantec's AV source was obtained (and soon to be released) via a compromise of an Indian Military Intelligence server. http://www.securityweek.com/symantec-investigating-possible-theft-norton-av-source-code Symantec issued a statement that the compromise and eventual release of the source does not place customers at risk since the source is 4+ years old. http://www.facebook.com/Symantec/posts/10150465997682876 Really? I guess they don't reuse code across product generations like most vendors. http://www.neowin.net/news/windows-has-a-17-year-old-un-patched-vulnerability The interesting question, however, is to whom in the Indian government did Symantec provide the source? I understand that major corporations provide source to a number of governments for a variety of reasons- mostly for sales and export approval. But did Symantec give it to the Indian Military Intelligence, or did the Indian intel community obtain it from another part of the Indian government? If the later, then any source provided to the Indian government is in Indian intel's hands. Sadly, we'll likely never know the answer. _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com http://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Symantec AV source compromised and the questions it raises William Arbaugh (Jan 06)
- Message not available
- Symantec AV source compromised and the questions it raises Mohammad Hosein (Jan 06)
- Message not available
- Re: Symantec AV source compromised and the questions it raises Michal Zalewski (Jan 06)