Hacker Publishes Symantec pcAnywhere Source Code
According to Reuters, a hacker named YamaTough that is part of a group called Lords of Dharmaraja and affiliated with Anonymous, has published the pcAnywhere source code. Authorities, pretending to be a Symantec employee, were in negotiations with the hacker to pay him $50,000 to destroy his copy of the source code.
According to authorities, they were never going to pay anything and was communicating with the hacker in order to buy time for Symantec to send out patches and to capture him. However, the hacker has announced that he was never going to take the money and it was just another way to humiliate Symantec. In the released email, the hacker claims to be located in Mumbai, India, but this could be to throw off law enforcement and the location of the hacker has not been confirmed by authorities.
What is known is that the source code has been published and Symantec has released patches to fix known vulnerabilities on January 23rd and 27th. Whether these patches fixes all vulnerabilities is not known and some companies have decided to stop using the product. Symantec states that they have contacted their customers and do not anticipate losing a lot of their customers. If they are using the latest patched version, it is safe to use pcAnywhere.
However, having the source code published allows other hackers to examine the code to find new vulnerabilities. In fact, this is the way open source code is debugged. Perhaps, in a strange turn, this will help make the product better.