The following is commentary on a recent news post (February 8th, 2012) written by Lance Whitney at CNET News titled Hackers release source code for Symantec's PCAnwhere.
Our class has discussed a variety of topics relating to
technology. One of the things we discussed is software and what open source
software is. For those who are still unfamiliar, open source software is
software generally void of any licensing agreements. The source code – the
programming that makes the program actually function, is free for anyone to
edit and use as they would like.
Symantec, one of the leading computer security companies,
makes programs that are commercial and not
open source. However, a recent hacking done by Yamatough (one of the many
subdivisions of the loose-knit hacking group known as Anonymous) has released
one of their most popular programs’ source code.
Anonymous' Flag
Yamatough is demanding a $50,000 payoff to keep pcAnywhere’s
source code private. They later stated that they had only intended to humiliate
Symantec and that they would not accept the money and release the source code
regardless. Symantec has stated that while the source code shown to them is
indeed from pcAnywhere, it is from 2006 and much of the code has been changed
through patches.
While the damage done to Symantec has been minimal thus far,
trouble lurks ahead. It appears that the source code from many of their other
programs was also stolen in a 2006 security breach. Norton Antivirus Corporate
Edition, Norton Internet Security, and Norton SystemWorks – all very popular
anti-virus solutions, have also been hacked. Symantec expects that Yamatough
will try to release the source code for these products as well.
Because the code is from 2006, no security threats are
apparent to anyone who owns any of Symantec’s products. However, the biggest
problem Symantec faces is how it, as a company that specializes in internet
security, has fallen so easily to a hacking group.
The basic lesson here is that no company is safe from
hackers. While the incidents were from 2006, it still shows that even companies
that specialize in computer security are prone to security threats. Even
computers that have some of the most secure protection in the corporate world
are not safe to hacktivist groups like Anonymous.
Source code is the code written by a programmer that is either compiled or interpreted by a program in order to create the desired program. Many people believe that the source code is intended for anyone to use, this is not the case, for the source code to be open it would have to be declared open to the public either through a general public license, or GNU. If the code is written by a private entity such as a person or company the entity can issue rights over the code as intellectual property, thus holding the person or persons who alter it as being in a breach of contract and also being in copyright violation, resulting in possible lawsuit, penalties and fines, and or imprisonment, depending on the company’s discretion and state and federal law. Depending on the company’s discretion the perpetrator could only face fines and a possible position on the company’s security staff, for by breaking in and showing them the flaw the company may decide to use the person or persons’ skills and knowledge to their advantage this is especially true and not too uncommon in security firms such as the makers of Norton .
ReplyDelete