Security Roundup: the Triumph of Hactivists, the Sorrow of Symantec
By Ellen Messmer
January 27, 2012 — Network World — It was another busy week for hactivists attacking the online targets of their ire. This time, hackers under the banner AntiSec appeared to have hacked the website of OnGuardOnline.gov, the U.S. government's online security website, in protest against the much-railed-against legislation Stop Online Piracy Act (SOPA) as well as other bills regarding intellectual protection. Similarly, the group Anonymous is believed to be behind the distributed denial-of-service attack on Thursday that brought down the European Parliament's website in what is thought to be retaliation for European support for the shutdown of the Megaupload file-sharing site the week before. Anonymous also opposes a treaty being ratified in Europe now called the Anti-Counterfeiting Trade Agreement. That deals with infringement of intellectual property rights.
Last week, security firm Symantec was also publicly discussing the consequences of a data breach it believes occurred in 2006 in which some older source code, including that of pcAnywhere, was seized by attackers. Symantec now says customers running older versions of pcAnywhere face heightened risk and that they should upgrade to pcAnywhere 12.5. Plus, they should apply a new patch that Symantec released Monday, Jan. 23. In addition, Symantec said in a statement that "it will continue to release updates to the product that are important to apply immediately."
MORE: Hot security upstarts
A QUICK LOOK: The Megaupload Kim Dotcom hullabaloo
Symantec also said, "Second, it's important that customers run pcAnywhere on a secure, and protected network (i.e. behind the company firewall or via a virtual private network)." It also advised customers to make sure that all of the machines that they're communicating with via pcAnywhere have endpoint protection.
Any customer of pcAnywhere unable to follow this advice should tell Symantec. Symantec says this is the first time it's ever had to issue an advisory like this about its products because of a data breach related to stolen source code. It's safe to think we may not have heard the last about all this, which has to count as one of the most wretched chapters in Symantec's history.
Saturday, Jan. 28, is National Data Privacy Day
This is getting a little harder to celebrate every year, the way things are going. In her excellent piece, "15 worst Internet privacy scandals of All time," Carolyn Duffy Marsan reminds us why that is, with her well-chosen list of privacy outrages and debacles that range from the Sony CD mess to the Google Street View fiasco and much more.
In other news
Understanding malware techniques and the ever-more sophisticated cybercrime ecosystem
Advanced evasion techniques emerge
Organized cybercrime revealed
Inside the global hacker service economy
Anatomy of a DDoS extortion attack
The rise of anti-forensics
The botnet hunters
Timeline: a decade of malware
- FireEye Advanced Threat Protection KnowledgeVault
- Solving Cloud Complexity with Service Brokers with Cloud Security Alliance & NIST
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- Five Tips to Consider in a Data Security Strategy for Smartphones and Tablets
- Moving Your Email to the Trusted Cloud
- #FFSec: Security pros to follow on Twitter, May 25
Follow these names on Twitter. Together, they make cyberspace a more secure place. (copy and paste) - Step right up and listen to the security barker
- Is the title 'security evangelist' really that bad?
More Salted Hash with Bill Brenner
