anonymous image

Symantec’s pcAnywhere software could very well turn into “virusAnywhere” due to a potential security breach made by Anonymous.

Symantec, the anti-virus software company, warned users of pcAnywhere, a tool that allows for remote access to your computer, to disable the software. Symantec revealed in a white paper that Anonymous stole pcAnywhere’s source code in 2006 and could use that information to create vulnerabilities:

Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006.

The company is working on a set of updates and patches to fix the vulnerability issue even though Anonymous — as far as we know — hasn’t capitalized on it yet. The source code could let malicious users build exploits and attacks targeted at pcAnywhere users to reveal session information, PC Mag reported.

This is not the first time a Symantec product has been compromised, PC Mag pointed out:

In early January, Symantec confirmed that source code used in its older enterprise antivirus products was stolen. Hacker group the “Lords of Dharmaraja” of India had threatened to publish the code online. Although the code dated back to 1999, security expert Alex Horan of CORE Security Technologies said there was still potential for harm.

For users that insist on accessing pcAnywhere, Symantec recommends having the latest version of the software installed to prevent as much damage as possible.

Anonymous is proving to be an international force, not only attacking sites for fun but acting like a kind of digital watch dog. When Megaupload was shut down amid the SOPA and PIPA controversies, alleged members of Anonymous went after SOPA supporters and even the State Department website. Members of Anonymous had previously gone after banks and big business during the financial crisis and even targeted child porn sites. It’s unclear how and why Anonymous would use Symantec’s pcAnywhere source code but hopefully it would be for good and not ill.

What do you think of Anonymous going after Symantec’s source code? Are you a pcAnywhere user? What will you do? Sound off in the comments.

Want to learn more about Anonymous? Check out the video below.

Image courtesy of Flickr, Mac, iPhone and iPad

Like auditions for a part in a play or tryouts for a sports team, developers have their own rituals for landing hot gigs: hackathons. Facebook recently held its own competitive coding session with teams from 14 schools.

Their assignment was to build an app that solved an everyday annoyance. The students also had a chance to network with Facebook staff at its Palo Alto office and win a cash prize.

Check out the video above to find out what the event was like and who won.

More About: Facebook, hackathon, hacker

For more Dev & Design coverage:

apple hack image

Apple has a reputation for being virus and malware-free, but a hacker has uncovered a potentially dangerous security flaw in the App Store. Charlie Miller, a Mac hacker and computer security researcher, has made a bit of a career finding and exposing flaws in Apple‘s software.

His latest discovery shows how the App Store, Apple’s tightly regulated marketplace for iOS apps and programs, could be compromised by code not approved by Apple, reports Forbes.

Miller’s method is to create a normal, Apple-approved app that is programmed to “call” a remote computer that can then use the app to gain access to the user’s phone. This remote computer can then issue commands such as downloading the address book, files stored on the device or even make it vibrate and ring.

Miller created a dummy app (which has since been removed from the app store) called Instastock, which displayed various stock tickers. The app, however, was also tied to Miller’s home computer where he could use the app to gain access to his phone. You can see Miller describe and discuss the app and his hacking process in the video below.

Forbes reports that Miller noticed the potential flaw when Apple released iOS 4.3, which allows javascript code from the web to run deep in the iOS device’s memory. In order to boost the web speed of its new operating system, Apple created an exception for the browser to run unapproved code — such as Miller’s hack — in a region of the device’s memory that had previously been inaccessible. Miller says it’s a flaw in Apple’s restriction on code signing.

Apple hasn’t issued an official response to Miller’s discovery, though Apple did revoke his developer license. Miller says he’s planning to talk about the flaw in more depth at the SysCan conference in Taiwan next week but has stayed mum on the exact details to give Apple more time to fix the security flaw.

Miller’s hack raises an interesting question on whether publicizing these potentially dangerous flaws are good for companies. Hackers (presumably white-hat) find flaws in systems so that companies and organizations can improve their products and safety measures. This practice becomes more controversial when the hackers are officially unaffiliated with the company or relative unknowns. The hackers essentially break the system to show it can be broken with the hope the company can, or will, fix it.

Are white-hat hackers a public service or a corporate nuisance? Let us know your opinions in the comments below.

More About: app store, apple, hacker, hacking, iOS

For more Dev & Design coverage: