赛门铁克/诺顿“代码泄露们”讨论专贴（2012年2月8日最新官方声明44楼）

饭是来装桶的

好久的帐了。。那么早就被泄露了 现在又发布一遍新闻

jiey888

企业版肯定是有影响的

小杨过

The encoding and encryption elements within pcAnywhere are vulnerable, making users susceptible to man-in-the-middle attacks, depending on the configuration and use of the product. If a man-in-the-middle attack should occur, the malicious user could steal session data or credentials.
A secondary risk: If a malicious user obtains the cryptographic key, they can launch unauthorized remote control sessions and thus access systems and sensitive data.
If the cryptographic key itself is using Active Directory credentials, it is also possible for attackers to perpetrate other malicious activities on the network.
In an internal pcAnywhere environment, if a network sniffer was in place on a customer’s internal network and the attacker had access to the encryption details, the pcAnywhere traffic could be intercepted and decoded. This implies that a customer either has a malicious insider who planted the network sniffer or has an unknown Botnet operating in their environment. As always, security best practices are encouraged to mitigate this risk.
Since pcAnywhere exchanges user login credentials, the risk exists that a network sniffer or Botnet could intercept this exchange of information, though it would still be difficult to actually interpret the data even if the pcAnywhere source code is released.
For environments with remote users, this credential exchange introduces an additional level of exposure to external attacks.

不安全了～～～

1. http://nakedsecurity.sophos.com/2012/01/25/symantec-stop-pcanywhere/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security

复制代码

dgslhua

部分nis都出19.5了，估计是补漏了，但是不怕啦~泄露的是06年的还是企业版的~我印象中 诺顿貌似07年重新写代码了，09年貌似连核心代码都改了，要是高手的话，即使再牛的防御软件，也能入侵

604730161

不知道是不是重要的代码，再说不是说是旧版的吗，无视之

皇甫暮云

604730161 发表于 2012-2-7 23:31
不知道是不是重要的代码，再说不是说是旧版的吗，无视之

2006版的，古董代码，黑客也要哗众取宠一番，都懂的

dfr1986

貌似是说威胁要泄露，还没吧。

ADSLgg

猪头无双 发表于 2012-1-20 02:22
好吧，我来凑个热闹，我觉得这次泄漏事故有幕后黑手，而且很可能就是印度的本土安全厂商，首当其冲的怀疑对 ...

岂不是说，熊猫、趋势等也危在旦夕？

guobao13

已经下载代码了