DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 26th January 2012
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,135
Thanked 182 Times in 149 Posts
Default pcAnywhere let anyone anywhere inject code into PCs

From http://www.theregister.co.uk/2012/01...nywhere_patch/

Quote:
Symantec is urging users to patch pcAnywhere, its remote control application, following the discovery of a brace of serious security flaws.

The most severe of the two holes allows hackers to remotely inject code into vulnerable systems - made possible because a service on TCP port 5631 permits a fixed-length buffer overflow during the authentication process. This line of attack ought to be blocked by a properly configured firewall, but it'd be stupid to rely on that without patching vulnerable systems.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 26th January 2012
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,135
Thanked 182 Times in 149 Posts
Default

Also see http://arstechnica.com/business/news...ty-product.ars

Quote:
Symantec has confirmed that the hacker group Anonymous stole source code from the 2006 versions of several Norton security products and the pcAnywhere remote access tool.

[snip]

Symantec pointed customers to a white paper that recommends disabling pcAnywhere, unless it is needed for business-critical use, because malicious users with access to the source code could identify vulnerabilities and launch new exploits.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #3   (View Single Post)  
Old 27th January 2012
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Old man from scene 24
 
Join Date: Apr 2008
Location: Eindhoven, Netherlands
Posts: 2,064
Thanked 198 Times in 156 Posts
Default

This is why the "our application is secure because no one can read the code"-mentality is just plain stupid.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
  #4   (View Single Post)  
Old 4th February 2012
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,135
Thanked 182 Times in 149 Posts
Default

From a follow-up article at http://www.theregister.co.uk/2012/02...ak_sheanigans/

Quote:
Symantec has said its pcAnywhere remote control software is once again safe to use, following the release of its latest security patch.

The security giant made the highly unusual move last week of advising customers to avoid using older but still widely used versions of pcAnywhere as a precaution, after it emerged that the product's source code was swiped by Anonymous-affiliated hackers.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #5   (View Single Post)  
Old 22nd February 2012
bagci bagci is offline
New User
 
Join Date: Feb 2012
Posts: 2
Thanked 0 Times in 0 Posts
Default

I didn't know that people were still using PCanywhere but I am sure that after this "little" problem they had, people won't be too eager to use it again..Not that I have anything against it, I was actually using it quite a lot some time ago..long long time ago. Right now I usually go with Teamviewer and RDP and I would be curious to try out Audials Anywhere if it's something similar to these ones. I've been hearing about it recently but didn't really manage to get too much info about it, I googled it but I could only find info about Audials without the Anywhere part. Do you guys know anything about it? Or are there any other similar softs you are using?
Reply With Quote
  #6   (View Single Post)  
Old 8th March 2012
bagci bagci is offline
New User
 
Join Date: Feb 2012
Posts: 2
Thanked 0 Times in 0 Posts
Default

I managed to find out more about that audials anywhere soft, it was released a couple of days ago, there's plenty of info about it on the internet now. it has little to do with pcanywhere but even so it's a good p2p file sharing tool.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Exploit code with DNS tunnel J65nko News 0 20th March 2010 02:07 AM
BSD code is used where? Broodjegehaktmetmayo Other BSD and UNIX/UNIX-like 7 8th March 2010 06:19 PM
Obfuscated Code JMJ_coder Programming 14 5th November 2009 05:00 PM
Source code for ed? matt FreeBSD Ports and Packages 1 21st October 2008 08:18 PM


All times are GMT. The time now is 10:03 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick