Last weekend, a hacking group calling itself “The Lords of Dharmaraja” claimed that it had obtained the confidential source code of Norton AntiVirus and that it would release the full code on Tuesday. Wait, that’s tomorrow.
The Lords of Dharmaraja claim to have infiltrated secure serves belonging to the Indian Military Intelligence servers and pilfered the code as well as numerous internal emails. One member of the team, Yama Tough, then posted to twitter, “This coming Tuesday behold the full Norton Antivirus 1,7Gb src, the rest will follow.” Since then, multiple snippets of code have been posted to PasteBin.
Symantec doesn’t seem too worried, however, stating that, “Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time.” [Reuters via Gizmodo UK]
Jeff
Tuesday, January 17, 2012 at 5:41 PMWho’d want there codes, the programs are malware in themselves.
olearymo
Wednesday, January 18, 2012 at 4:44 PM^ this
Franz
Tuesday, January 17, 2012 at 5:47 PM[ymantec doesn’t seem too worried, however, stating that, “Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time.”]
In other words, they said nothing at all, apart from ‘we’ll wait and see if anything is compromised, THEN do something about it’.
Philip B
Tuesday, January 17, 2012 at 5:49 PMI find it amusing/concerning that they hacked the Indian Military Intelligence servers ^_^
John
Tuesday, January 17, 2012 at 5:59 PMThese are a bunch of little kids. Nothing to worry about, like Norton has said. I have used Norton for many years and I’m currently using the 360 version. It is a fantastic security suit and hasn’t lost my buy. These script kiddies stole the source code from a real old Norton version. I’d be more worried if they got the current version. Which I doubt they ever will.
LucasF
Tuesday, January 17, 2012 at 7:15 PMOh My! You are right!
https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?lg=english&ct=united+states&docid=20080417101717EN&product=home&version=1&pvid=f-home
This is barely news. Unless you are from India. Although they do have nuclear weapons, so maybe they shouldn’t have people hacking into their military servers!!!! Then again, there could be a military coup in Pakistan any day now, then terrorists might have nuclear weapons. Hmmm. What am I even talking about now? Are we all going to die? Maybe….that is all.
Richard
Tuesday, January 17, 2012 at 11:03 PMI wouldn’t even be especially concerned if they got access to a current version. Sure, it could be used to locate vulnerabilities but it can be used to apply patches too. Having the source code in itself doesn’t necessarily make the application any more vulnerable, projects like Linux and Webkit show that open source code can compete with proprietary products.
If there are issues then you’re probably not at a lot more risk if the code is out there or not. The larger risk may be to Norton, particularly when pursuing larger name clients who may see this as an issue.
Matt L
Tuesday, January 17, 2012 at 11:44 PMTrue, the only thing they could do is release cracked versions, or look into its vulnerabilities to allow for a virus or trojan to disable the protection… But yeah, you’d probably need the stolen version for this to be a problem… Norton will be quick to patch too, they’ll be watching it… They should have planted a vulnerability in the code and left without a trace, only to cause havoc later on down the track.
Jim
Tuesday, January 17, 2012 at 6:02 PMBah, waste of time , Symantic who???
We the public want the truth about UFO’S and where their stashed :-)
LucasF
Tuesday, January 17, 2012 at 7:06 PMWhy is symantec’s source code on Indian Military Servers? And why am I the first person to ask that question? Something I am missing?
Richard
Tuesday, January 17, 2012 at 11:00 PMI’m sure many high (well not high enough) security government agencies will have access to source control for applications installed on their hardware. It doesn’t seem to be particularly alarming to me that they would request access to it given it scans all their files, nor that Norton would not issue it to them. Government contracts are worth a bit, particularly military ones.
Richard
Tuesday, January 17, 2012 at 11:14 PMsource code, not source control
DarthDVD
Tuesday, January 17, 2012 at 8:49 PMLOL Nortons Security…… its a joke… slows down your computer and it still gets infected.
Sky Bolt
Wednesday, January 18, 2012 at 2:46 AMMaybe if their code is released the community can fix it. Who knows, this may end up being a good thing for Norton users. :p
james_whatsit
Wednesday, January 18, 2012 at 3:21 AMthe thing is, anyone who can read that source code, and understand where potential exploits are, can pretty easily hack someone who has a consumer version of antivirus without any source code.
consumer antivirus is only truly effective against attacks by computer (files) and attempts to form botnets etc (any artificial program aimed at the masses)
now if they released some military or government (or google) grade antivirus source code, then we’d be f***ed
matt
Wednesday, January 18, 2012 at 3:26 AMlol, 1.7gb of source… now thats bloatware! I’m pretty sure if it really was 1.7 gig of source, it would make it about 4 times bigger than windows…
InformedGamer
Wednesday, January 18, 2012 at 9:26 AMSymantec are laughing. These hackers just downloaded malware themselves
Incredibad
Wednesday, January 18, 2012 at 10:02 AMLol. Norton. Just lol.
Vebi
Wednesday, January 18, 2012 at 10:26 AMNorton actually fares rather well in AV tests (see VBulletin, AV tests, etc). The problem is that it’s just a behemoth of poorly constructed code that slows your computer down no end for little benefit.
I can say this on a background of 9 years of using Norton (yes, shameful). Kaspersky works amazingly now.
D
Thursday, January 19, 2012 at 4:43 PMNorton internet security is the only program that you can physically set so that it will ask your permission if you want a certain program to access the internet. Not like other programs, i don’t know why HP want to access the internet, but we all remember what they did.
Yes the old NIS used to be slow but not anymore. Not like the free AVG that turned into malware after a few months, asking me for money to upgrade to the full version.
The funny thing is that norton was developed by the CIA
Cheers