Thursday, January 26, 2012

“We keep logs as far back, as long as we have had software to keep logs.”

If I’m reading this right, Symantec had a breach in 2006 but didn’t think that the breach was significant. After learning that older versions of their source code had been stolen, they re-analyzed the 2006 event from six-year-old logs (!) and determined that the source was taken during that incident.

The interesting bits:

Nobody who was involved in the 2006 breach is still at the company, but the logs still existed and were sufficiently detailed to reconstruct the event. That’s really impressive.

Presumably whoever stole the source could have been busy writing bots that went undetected by Symantec AV. I don’t know that to be the case, but it certainly is possible. Owning the source code for an AV product would certainly be a competitive advantage for a bot-maker.

Symantec’s advice to shut off pcAnywhere is interesting. It’s not the usual advice you get from companies with exploitable software. Oracle has never asked us to shut off their unbreakable databases.

It’s broken, shut it off.
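For anyone who actually has to act on “shut it off,” here is what that looks like on a Windows host. This is an added example, not code from the original post and not Symantec’s own guidance. It assumes the pcAnywhere host runs as a Windows service named `awhost32` (an assumption; check the real name on your box with `Get-Service`) and listens on the product’s well-known ports, TCP 5631 and UDP 5632. Run it from an elevated PowerShell session.

```powershell
# Added example, not from the original post or from Symantec.
# Assumptions: pcAnywhere host service name is 'awhost32' (assumed; verify
# with Get-Service), and it listens on TCP 5631 / UDP 5632.
# Run in an elevated PowerShell on each host that has pcAnywhere installed.

$ServiceName = 'awhost32'   # assumed pcAnywhere Host Service name

function Disable-PcAnywhereHost {
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        Write-Output "No service named $ServiceName found; pcAnywhere host may not be installed here."
    } else {
        if ($svc.Status -ne 'Stopped') { Stop-Service -Name $ServiceName -Force }
        Set-Service -Name $ServiceName -StartupType Disabled
        Write-Output "$ServiceName stopped and set to Disabled."
    }

    # Belt and braces: block the listener ports so a re-enabled or reinstalled
    # host cannot accept connections from the network.
    netsh advfirewall firewall add rule name="Block pcAnywhere TCP 5631" dir=in action=block protocol=TCP localport=5631 | Out-Null
    netsh advfirewall firewall add rule name="Block pcAnywhere UDP 5632" dir=in action=block protocol=UDP localport=5632 | Out-Null
}

function Test-PcAnywhereListener {
    # Returns $true if anything is still bound to the pcAnywhere ports.
    $lines = netstat -ano | Select-String -Pattern ':5631\s|:5632\s'
    return ($lines.Count -gt 0)
}

Disable-PcAnywhereHost
if (Test-PcAnywhereListener) {
    Write-Warning "Something is still bound to 5631/5632; look for a renamed service or a second install."
} else {
    Write-Output "No listener on the pcAnywhere ports."
}
```

Disabling the service is not the same as removing the software; the point of the port check at the end is to catch the case where the service was renamed or a second copy is installed. Do this on every host, not just the ones you remember having pcAnywhere on.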

1 comment:

  1. Imagine the apocalypse if Oracle ever asked us to shut off their database. I think there's an unspoken (and unexamined) consensus among Oracle, its customers and the vendors that ship Oracle that no bug is that bad.

    Meanwhile I didn't even know that anybody used PC Anywhere anymore.
