Symantec Tells Customers To Stop Using pcAnywhere 149
Orome1 writes "In a perhaps not wholly unexpected move, Symantec has advised the customers of its pcAnywhere remote control application to stop using it until patches for a slew of vulnerabilities are issued. If the attackers place a network sniffer on a customer's internal network and have access to the encryption details, the pcAnywhere traffic — including exchanged user login credentials — could be intercepted and decoded. If the attackers get their hands on the cryptographic key they can launch remote control sessions and, thus, access to systems and sensitive data. If the cryptographic key itself is using Active Directory credentials, they can also carry out other malicious activities on the network."
Re:But of course (Score:4, Informative)
I'm pretty sure that they made this clear in their disclosure?
http://www.symantec.com/connect/sites/default/files/pcAnywhere%20Security%20Recommendations%20WP_01_23_Final.pdf
First two paragraphs from their Introduction:
Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006. We believe that source code for the 2006-era versions of the following products was exposed: Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere.
With this incident pcAnywhere customers have increased risk. Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits. Additionally, customers that are not following general security best practices are susceptible to man-in-the-middle attacks which can reveal authentication and session information. General security best practices include endpoint, network, remote access, and physical security, as well as configuring pcAnywhere in a way that minimizes potential risks.
Who still uses PCAnywhere? (Score:5, Informative)
I remember the first time I used it. It was a Godsend. It was so nice to simply take control and do it rather than sit there on the phone saying, "Click Start. Start. It's on the bottom left. S-T-A-R-T! No, don't type it. Click the button labeled 'Start'. No, it's not on your keyboard. No, wait. Hit CTRL-ESC. Control Escape. It's on your keyboard. Press and hold control and then press and release escape. Keyboard. It's on your keyboard. Nevermind. Do you see Start on your screen?" Even though we were connecting via dialup, it was lightyears better than trying to imagine the screen the use was describing and then describing elements of it it back to them.
But those days are long gone. Now we have RDP, VNC, WebEx, and a host of other remote desktop utilities and protocols. There is no longer a need for PCAW.
There was never a need anyway if you used unix (Score:1, Informative)
This isn't another juvenile does-it-run-on-linux rant, but I think its reasonable to point out that remote full screen GUI access via X windows has been around since the mid 80s. A LONG time before any remote GUI windows app or even Windows itself existed.