SlideShare a Scribd company logo

The long term effects of Symantec's Code Leak

Download as PPTX, PDF
The Lorenzi Group
The Lorenzi Group

This is a brief overview of the Symantec source code leak, what it means to users, and what organizations should do about it.

Technology
1 of 9
SYMANTEC CODE RELEASED! SO WHAT? What it means to users The Lorenzi Group (C) 2012 THE LORENZI GROUP LLC
SYMANTEC • Largest maker of security software for computers in the world • Based in Mountain View, CA USA • Sample of Brand Names: Symantec, Norton, Ghost, Veritas, Endpoint, • Publicly Traded: SYMC • F500 and S&P 500 • Employees: +18,000 • Revenue: $6B • NOTE: Symantec, Norton, Ghost, Veritas, & Endpoint are products and brand names own by Symantec Corporation. (C) 2012 THE LORENZI GROUP LLC
EVENT • A hacker with the screen name “Yama Tough” from the Indian hacking group Lords of Dhramaraja penetrated a 3rd party’s IT security (NOTE: This unconfirmed 3rd party organization, held sensitive Symantec documentation) and stole the source code for Symantec’s Endpoint and AntiVirus products. (C) 2012 THE LORENZI GROUP LLC
RESULTS • Confidential source code (the core software of the programs) has been released publicly by the hackers and posted online. • Symantec claims there will be little effect on users. • Experts disagree with Symantec’s assessment that this is a minor event and that it will not affect a significant amount of users. (C) 2012 THE LORENZI GROUP LLC
WHY DO EXPERTS DISAGREE WITH SYMANTEC? 1. The software isn’t as old or out-dated as Symantec makes it appear 2. The software is currently being used by many organizations around the world 3. Most software today is built to be modular, meaning that pieces are created individually and connected together using code. This is done to create more flexibility and reduce design costs. It is unrealistic to think that some parts or all of this leaked code is not being used in some format or style in current or future Symantec software. 4. Even if none of the code is used in current software, the leaked and posted documentation gives hackers and professional criminals insight into the software languages being used by Symantec, the format of the code, the Symantec coding process, and ideas on how Symantec things about software security. (C) 2012 THE LORENZI GROUP LLC
HOW DID THIS HAPPEN? • Set it and Forget it Security: • Symantec and it’s 3 rd party organizations set up AntiVirus, AntiSpyware, and Firewalls and do not actively monitor them. • Symantec does not have proper BAA’s (Business Associate Agreements) in place. • Symantec does not properly audit 3 rd parties that hold confidential data • Symantec and it’s 3 rd parties do not proactively monitor their networks and devices for anomalies • It is HIGHLY likely that “Yama Tough” or another member of Lords of Dhramaraja is an employee of Symantec or it’s 3 rd party partner. • Set It and Forget It Security is DEAD! Proactive monitoring of networks and devices 24x7, and the use of AV/AS software, Firewalls, and DLP devices, are the only way to protect data today. (C) 2012 THE LORENZI GROUP LLC
WHY YOU SHOULD CARE • If you use Symantec software, you are at risk. NOTE: It can be ANY software from Symantec, not just their AntiVirus software. • If you have friends, family, peers, or interact with organizations that use Symantec software, you are at risk. • Expect to receive an increase of emails, posts, IM requests, and SPAM because of this. Accidently clicking on any of these may expose your data. (C) 2012 THE LORENZI GROUP LLC
WHAT YOU CAN DO • Run all software updates for Operating Systems and Antivirus, AntiSpyware, and Firewall software. • Run Software and Firmware updates for Firewalls, DLP, and other security devices. • Educate employees on the potential new wave of threats, their risks, and how to avoid them. • Begin evaluating AntiVirus software from vendors other than Symantec. • Begin proactively monitoring all traffic on network devices, including those of remote and mobile workers. (C) 2012 THE LORENZI GROUP LLC
THE LORENZI GROUP Digital Forensics Data Security Proactive Network & Device monitoring (Lorenzi ANM) Research & Reputation Management 866-632-9880 www.thelorenzigroup.com info@thelorenzigroup.com (C) 2012 THE LORENZI GROUP LLC

Recommended

Emmanuel Pagan Vazquez Resume
Emmanuel Pagan Vazquez Resume Emmanuel Pagan Vazquez Resume
Emmanuel Pagan Vazquez Resume
emmanuel pagan vazquez
 
Elements, Compounds & Mixtures Spring 2012.Day 2
Elements, Compounds & Mixtures Spring 2012.Day 2Elements, Compounds & Mixtures Spring 2012.Day 2
Elements, Compounds & Mixtures Spring 2012.Day 2
jmori1
 
Leen je homepage uit-actie Serious Request 2009
Leen je homepage uit-actie Serious Request 2009Leen je homepage uit-actie Serious Request 2009
Leen je homepage uit-actie Serious Request 2009
Martijn Hulst
 
Porter Book
Porter BookPorter Book
Porter Book
April Biss, MA
 
Quelques questions de fond pour des strategies rationnelles de cheminee Sydne...
Quelques questions de fond pour des strategies rationnelles de cheminee Sydne...Quelques questions de fond pour des strategies rationnelles de cheminee Sydne...
Quelques questions de fond pour des strategies rationnelles de cheminee Sydne...
3chemineebio-encastrable
 
Jemcalculoi3
Jemcalculoi3Jemcalculoi3
Jemcalculoi3
Eronildo Melo
 
Open Data | Projectoproep Ondernemingsvriendelijke gemeente 2014
Open Data | Projectoproep Ondernemingsvriendelijke gemeente 2014Open Data | Projectoproep Ondernemingsvriendelijke gemeente 2014
Open Data | Projectoproep Ondernemingsvriendelijke gemeente 2014
Raf Buyle
 
Am swedish presentation klein-seminar
Am swedish presentation klein-seminarAm swedish presentation klein-seminar
Am swedish presentation klein-seminar
Amanda Bilek
 

Recommended

Emmanuel Pagan Vazquez Resume
Emmanuel Pagan Vazquez Resume Emmanuel Pagan Vazquez Resume
Emmanuel Pagan Vazquez Resume
emmanuel pagan vazquez
 
Elements, Compounds & Mixtures Spring 2012.Day 2
Elements, Compounds & Mixtures Spring 2012.Day 2Elements, Compounds & Mixtures Spring 2012.Day 2
Elements, Compounds & Mixtures Spring 2012.Day 2
jmori1
 
Leen je homepage uit-actie Serious Request 2009
Leen je homepage uit-actie Serious Request 2009Leen je homepage uit-actie Serious Request 2009
Leen je homepage uit-actie Serious Request 2009
Martijn Hulst
 
Porter Book
Porter BookPorter Book
Porter Book
April Biss, MA
 
Quelques questions de fond pour des strategies rationnelles de cheminee Sydne...
Quelques questions de fond pour des strategies rationnelles de cheminee Sydne...Quelques questions de fond pour des strategies rationnelles de cheminee Sydne...
Quelques questions de fond pour des strategies rationnelles de cheminee Sydne...
3chemineebio-encastrable
 
Jemcalculoi3
Jemcalculoi3Jemcalculoi3
Jemcalculoi3
Eronildo Melo
 
Open Data | Projectoproep Ondernemingsvriendelijke gemeente 2014
Open Data | Projectoproep Ondernemingsvriendelijke gemeente 2014Open Data | Projectoproep Ondernemingsvriendelijke gemeente 2014
Open Data | Projectoproep Ondernemingsvriendelijke gemeente 2014
Raf Buyle
 
Am swedish presentation klein-seminar
Am swedish presentation klein-seminarAm swedish presentation klein-seminar
Am swedish presentation klein-seminar
Amanda Bilek
 
ALGO BREVE DE UN BLOG
ALGO BREVE DE UN BLOGALGO BREVE DE UN BLOG
ALGO BREVE DE UN BLOG
faraon_duck
 
Indices 18 sep2013051422
Indices 18 sep2013051422Indices 18 sep2013051422
Indices 18 sep2013051422
Investors Empowered
 
Seminari coordinaciópile 3 ceb
Seminari coordinaciópile 3 cebSeminari coordinaciópile 3 ceb
Seminari coordinaciópile 3 ceb
aingles
 
ექსკრეტორული სისტემა
ექსკრეტორული სისტემაექსკრეტორული სისტემა
ექსკრეტორული სისტემა
a.sanamiani a.sanamiani
 
Modul Řízení značky
Modul Řízení značkyModul Řízení značky
Modul Řízení značky
EnterpriseCulturalHeritage
 
Manifesto do shopping popular
Manifesto do shopping popularManifesto do shopping popular
Manifesto do shopping popular
Jamildo Melo
 
PresentacióN1ppt
PresentacióN1pptPresentacióN1ppt
PresentacióN1ppt
guest85455c5
 
Abs 2
Abs 2Abs 2
Abs 2
JsmithS
 
Thiago y diego la inmigracion e precidencias
Thiago y diego la inmigracion e precidenciasThiago y diego la inmigracion e precidencias
Thiago y diego la inmigracion e precidencias
sextoaies
 
José antonio aragón roldán pte mpl de mixtepec
José antonio aragón roldán pte mpl de mixtepecJosé antonio aragón roldán pte mpl de mixtepec
José antonio aragón roldán pte mpl de mixtepec
megaradioexpress
 
Sspp seminar 2014 #2
Sspp seminar 2014 #2Sspp seminar 2014 #2
Sspp seminar 2014 #2
John Douglas
 
Data Breach from the Inside Out
Data Breach from the Inside Out Data Breach from the Inside Out
Data Breach from the Inside Out
The Lorenzi Group
 
ROAR in Real Like: Heartbeat Helper
ROAR in Real Like: Heartbeat HelperROAR in Real Like: Heartbeat Helper
ROAR in Real Like: Heartbeat Helper
The Lorenzi Group
 
ROAR for IT Managers
ROAR for IT ManagersROAR for IT Managers
ROAR for IT Managers
The Lorenzi Group
 
Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...
Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...
Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...
The Lorenzi Group
 
The Many Faces of SHIELD
The Many Faces of SHIELDThe Many Faces of SHIELD
The Many Faces of SHIELD
The Lorenzi Group
 
ROAR Provides Peace of Mind in Digital Enviroments
ROAR Provides Peace of Mind in Digital EnviromentsROAR Provides Peace of Mind in Digital Enviroments
ROAR Provides Peace of Mind in Digital Enviroments
The Lorenzi Group
 
ROARing Compliance
ROARing ComplianceROARing Compliance
ROARing Compliance
The Lorenzi Group
 
ROAR in Real Life: Picture Perfect
ROAR in Real Life: Picture PerfectROAR in Real Life: Picture Perfect
ROAR in Real Life: Picture Perfect
The Lorenzi Group
 
ROAR in Pictures: Biking
ROAR in Pictures: BikingROAR in Pictures: Biking
ROAR in Pictures: Biking
The Lorenzi Group
 
DDoS Explained
DDoS ExplainedDDoS Explained
DDoS Explained
The Lorenzi Group
 
Digital Forensics: The Employees' Dilemma
Digital Forensics: The Employees' DilemmaDigital Forensics: The Employees' Dilemma
Digital Forensics: The Employees' Dilemma
The Lorenzi Group
 

More Related Content

Viewers also liked

Seminari coordinaciópile 3 ceb
Seminari coordinaciópile 3 cebSeminari coordinaciópile 3 ceb
Seminari coordinaciópile 3 ceb
aingles
 
Manifesto do shopping popular
Manifesto do shopping popularManifesto do shopping popular
Manifesto do shopping popular
Jamildo Melo
 
José antonio aragón roldán pte mpl de mixtepec
José antonio aragón roldán pte mpl de mixtepecJosé antonio aragón roldán pte mpl de mixtepec
José antonio aragón roldán pte mpl de mixtepec
megaradioexpress
 

Viewers also liked (11)

ALGO BREVE DE UN BLOG
ALGO BREVE DE UN BLOGALGO BREVE DE UN BLOG
ALGO BREVE DE UN BLOG
 
Indices 18 sep2013051422
Indices 18 sep2013051422Indices 18 sep2013051422
Indices 18 sep2013051422
 
Seminari coordinaciópile 3 ceb
Seminari coordinaciópile 3 cebSeminari coordinaciópile 3 ceb
Seminari coordinaciópile 3 ceb
 
ექსკრეტორული სისტემა
ექსკრეტორული სისტემაექსკრეტორული სისტემა
ექსკრეტორული სისტემა
 
Modul Řízení značky
Modul Řízení značkyModul Řízení značky
Modul Řízení značky
 
Manifesto do shopping popular
Manifesto do shopping popularManifesto do shopping popular
Manifesto do shopping popular
 
PresentacióN1ppt
PresentacióN1pptPresentacióN1ppt
PresentacióN1ppt
 
Abs 2
Abs 2Abs 2
Abs 2
 
Thiago y diego la inmigracion e precidencias
Thiago y diego la inmigracion e precidenciasThiago y diego la inmigracion e precidencias
Thiago y diego la inmigracion e precidencias
 
José antonio aragón roldán pte mpl de mixtepec
José antonio aragón roldán pte mpl de mixtepecJosé antonio aragón roldán pte mpl de mixtepec
José antonio aragón roldán pte mpl de mixtepec
 
Sspp seminar 2014 #2
Sspp seminar 2014 #2Sspp seminar 2014 #2
Sspp seminar 2014 #2
 

More from The Lorenzi Group

ROAR in Real Like: Heartbeat Helper
ROAR in Real Like: Heartbeat HelperROAR in Real Like: Heartbeat Helper
ROAR in Real Like: Heartbeat Helper
The Lorenzi Group
 
Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...
Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...
Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...
The Lorenzi Group
 
ROAR Provides Peace of Mind in Digital Enviroments
ROAR Provides Peace of Mind in Digital EnviromentsROAR Provides Peace of Mind in Digital Enviroments
ROAR Provides Peace of Mind in Digital Enviroments
The Lorenzi Group
 
ROAR in Real Life: Picture Perfect
ROAR in Real Life: Picture PerfectROAR in Real Life: Picture Perfect
ROAR in Real Life: Picture Perfect
The Lorenzi Group
 

More from The Lorenzi Group (20)

Data Breach from the Inside Out
Data Breach from the Inside Out Data Breach from the Inside Out
Data Breach from the Inside Out
 
ROAR in Real Like: Heartbeat Helper
ROAR in Real Like: Heartbeat HelperROAR in Real Like: Heartbeat Helper
ROAR in Real Like: Heartbeat Helper
 
ROAR for IT Managers
ROAR for IT ManagersROAR for IT Managers
ROAR for IT Managers
 
Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...
Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...
Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...
 
The Many Faces of SHIELD
The Many Faces of SHIELDThe Many Faces of SHIELD
The Many Faces of SHIELD
 
ROAR Provides Peace of Mind in Digital Enviroments
ROAR Provides Peace of Mind in Digital EnviromentsROAR Provides Peace of Mind in Digital Enviroments
ROAR Provides Peace of Mind in Digital Enviroments
 
ROARing Compliance
ROARing ComplianceROARing Compliance
ROARing Compliance
 
ROAR in Real Life: Picture Perfect
ROAR in Real Life: Picture PerfectROAR in Real Life: Picture Perfect
ROAR in Real Life: Picture Perfect
 
ROAR in Pictures: Biking
ROAR in Pictures: BikingROAR in Pictures: Biking
ROAR in Pictures: Biking
 
DDoS Explained
DDoS ExplainedDDoS Explained
DDoS Explained
 
Digital Forensics: The Employees' Dilemma
Digital Forensics: The Employees' DilemmaDigital Forensics: The Employees' Dilemma
Digital Forensics: The Employees' Dilemma
 
Rising Cost of Child Porn Defense
Rising Cost of Child Porn DefenseRising Cost of Child Porn Defense
Rising Cost of Child Porn Defense
 
Security Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud ExaminersSecurity Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud Examiners
 
So, You Want To Work In Digital Forensics....
So, You Want To Work In Digital Forensics....So, You Want To Work In Digital Forensics....
So, You Want To Work In Digital Forensics....
 
Digital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next FrontierDigital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next Frontier
 
Digital Forensics & eDiscovery for the Financial Executive
Digital Forensics & eDiscovery for the Financial ExecutiveDigital Forensics & eDiscovery for the Financial Executive
Digital Forensics & eDiscovery for the Financial Executive
 
Digital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesDigital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR Executives
 
eDiscovery IS Data Security
eDiscovery IS Data SecurityeDiscovery IS Data Security
eDiscovery IS Data Security
 
Active Network Monitoring brings Peace of Mind
Active Network Monitoring brings Peace of MindActive Network Monitoring brings Peace of Mind
Active Network Monitoring brings Peace of Mind
 
Introduction to the Epsilon Data Breach
Introduction to the Epsilon Data BreachIntroduction to the Epsilon Data Breach
Introduction to the Epsilon Data Breach
 

Recently uploaded

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 

Recently uploaded (20)

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

The long term effects of Symantec's Code Leak

  • 1. SYMANTEC CODE RELEASED! SO WHAT? What it means to users The Lorenzi Group (C) 2012 THE LORENZI GROUP LLC
  • 2. SYMANTEC • Largest maker of security software for computers in the world • Based in Mountain View, CA USA • Sample of Brand Names: Symantec, Norton, Ghost, Veritas, Endpoint, • Publicly Traded: SYMC • F500 and S&P 500 • Employees: +18,000 • Revenue: $6B • NOTE: Symantec, Norton, Ghost, Veritas, & Endpoint are products and brand names own by Symantec Corporation. (C) 2012 THE LORENZI GROUP LLC
  • 3. EVENT • A hacker with the screen name “Yama Tough” from the Indian hacking group Lords of Dhramaraja penetrated a 3rd party’s IT security (NOTE: This unconfirmed 3rd party organization, held sensitive Symantec documentation) and stole the source code for Symantec’s Endpoint and AntiVirus products. (C) 2012 THE LORENZI GROUP LLC
  • 4. RESULTS • Confidential source code (the core software of the programs) has been released publicly by the hackers and posted online. • Symantec claims there will be little effect on users. • Experts disagree with Symantec’s assessment that this is a minor event and that it will not affect a significant amount of users. (C) 2012 THE LORENZI GROUP LLC
  • 5. WHY DO EXPERTS DISAGREE WITH SYMANTEC? 1. The software isn’t as old or out-dated as Symantec makes it appear 2. The software is currently being used by many organizations around the world 3. Most software today is built to be modular, meaning that pieces are created individually and connected together using code. This is done to create more flexibility and reduce design costs. It is unrealistic to think that some parts or all of this leaked code is not being used in some format or style in current or future Symantec software. 4. Even if none of the code is used in current software, the leaked and posted documentation gives hackers and professional criminals insight into the software languages being used by Symantec, the format of the code, the Symantec coding process, and ideas on how Symantec things about software security. (C) 2012 THE LORENZI GROUP LLC
  • 6. HOW DID THIS HAPPEN? • Set it and Forget it Security: • Symantec and it’s 3 rd party organizations set up AntiVirus, AntiSpyware, and Firewalls and do not actively monitor them. • Symantec does not have proper BAA’s (Business Associate Agreements) in place. • Symantec does not properly audit 3 rd parties that hold confidential data • Symantec and it’s 3 rd parties do not proactively monitor their networks and devices for anomalies • It is HIGHLY likely that “Yama Tough” or another member of Lords of Dhramaraja is an employee of Symantec or it’s 3 rd party partner. • Set It and Forget It Security is DEAD! Proactive monitoring of networks and devices 24x7, and the use of AV/AS software, Firewalls, and DLP devices, are the only way to protect data today. (C) 2012 THE LORENZI GROUP LLC
  • 7. WHY YOU SHOULD CARE • If you use Symantec software, you are at risk. NOTE: It can be ANY software from Symantec, not just their AntiVirus software. • If you have friends, family, peers, or interact with organizations that use Symantec software, you are at risk. • Expect to receive an increase of emails, posts, IM requests, and SPAM because of this. Accidently clicking on any of these may expose your data. (C) 2012 THE LORENZI GROUP LLC
  • 8. WHAT YOU CAN DO • Run all software updates for Operating Systems and Antivirus, AntiSpyware, and Firewall software. • Run Software and Firmware updates for Firewalls, DLP, and other security devices. • Educate employees on the potential new wave of threats, their risks, and how to avoid them. • Begin evaluating AntiVirus software from vendors other than Symantec. • Begin proactively monitoring all traffic on network devices, including those of remote and mobile workers. (C) 2012 THE LORENZI GROUP LLC
  • 9. THE LORENZI GROUP Digital Forensics Data Security Proactive Network & Device monitoring (Lorenzi ANM) Research & Reputation Management 866-632-9880 www.thelorenzigroup.com info@thelorenzigroup.com (C) 2012 THE LORENZI GROUP LLC