SlideShare une entreprise Scribd logo

The long term effects of Symantec's Code Leak

Télécharger en tant que PPTX, PDF
The Lorenzi Group
The Lorenzi Group

This is a brief overview of the Symantec source code leak, what it means to users, and what organizations should do about it.

Technologie
1  sur  9
SYMANTEC CODE RELEASED! SO WHAT? What it means to users The Lorenzi Group (C) 2012 THE LORENZI GROUP LLC
SYMANTEC • Largest maker of security software for computers in the world • Based in Mountain View, CA USA • Sample of Brand Names: Symantec, Norton, Ghost, Veritas, Endpoint, • Publicly Traded: SYMC • F500 and S&P 500 • Employees: +18,000 • Revenue: $6B • NOTE: Symantec, Norton, Ghost, Veritas, & Endpoint are products and brand names own by Symantec Corporation. (C) 2012 THE LORENZI GROUP LLC
EVENT • A hacker with the screen name “Yama Tough” from the Indian hacking group Lords of Dhramaraja penetrated a 3rd party’s IT security (NOTE: This unconfirmed 3rd party organization, held sensitive Symantec documentation) and stole the source code for Symantec’s Endpoint and AntiVirus products. (C) 2012 THE LORENZI GROUP LLC
RESULTS • Confidential source code (the core software of the programs) has been released publicly by the hackers and posted online. • Symantec claims there will be little effect on users. • Experts disagree with Symantec’s assessment that this is a minor event and that it will not affect a significant amount of users. (C) 2012 THE LORENZI GROUP LLC
WHY DO EXPERTS DISAGREE WITH SYMANTEC? 1. The software isn’t as old or out-dated as Symantec makes it appear 2. The software is currently being used by many organizations around the world 3. Most software today is built to be modular, meaning that pieces are created individually and connected together using code. This is done to create more flexibility and reduce design costs. It is unrealistic to think that some parts or all of this leaked code is not being used in some format or style in current or future Symantec software. 4. Even if none of the code is used in current software, the leaked and posted documentation gives hackers and professional criminals insight into the software languages being used by Symantec, the format of the code, the Symantec coding process, and ideas on how Symantec things about software security. (C) 2012 THE LORENZI GROUP LLC
HOW DID THIS HAPPEN? • Set it and Forget it Security: • Symantec and it’s 3 rd party organizations set up AntiVirus, AntiSpyware, and Firewalls and do not actively monitor them. • Symantec does not have proper BAA’s (Business Associate Agreements) in place. • Symantec does not properly audit 3 rd parties that hold confidential data • Symantec and it’s 3 rd parties do not proactively monitor their networks and devices for anomalies • It is HIGHLY likely that “Yama Tough” or another member of Lords of Dhramaraja is an employee of Symantec or it’s 3 rd party partner. • Set It and Forget It Security is DEAD! Proactive monitoring of networks and devices 24x7, and the use of AV/AS software, Firewalls, and DLP devices, are the only way to protect data today. (C) 2012 THE LORENZI GROUP LLC
WHY YOU SHOULD CARE • If you use Symantec software, you are at risk. NOTE: It can be ANY software from Symantec, not just their AntiVirus software. • If you have friends, family, peers, or interact with organizations that use Symantec software, you are at risk. • Expect to receive an increase of emails, posts, IM requests, and SPAM because of this. Accidently clicking on any of these may expose your data. (C) 2012 THE LORENZI GROUP LLC
WHAT YOU CAN DO • Run all software updates for Operating Systems and Antivirus, AntiSpyware, and Firewall software. • Run Software and Firmware updates for Firewalls, DLP, and other security devices. • Educate employees on the potential new wave of threats, their risks, and how to avoid them. • Begin evaluating AntiVirus software from vendors other than Symantec. • Begin proactively monitoring all traffic on network devices, including those of remote and mobile workers. (C) 2012 THE LORENZI GROUP LLC
THE LORENZI GROUP Digital Forensics Data Security Proactive Network & Device monitoring (Lorenzi ANM) Research & Reputation Management 866-632-9880 www.thelorenzigroup.com info@thelorenzigroup.com (C) 2012 THE LORENZI GROUP LLC

Recommandé

Emmanuel Pagan Vazquez Resume
Emmanuel Pagan Vazquez Resume Emmanuel Pagan Vazquez Resume
Emmanuel Pagan Vazquez Resume emmanuel pagan vazquez
 
Elements, Compounds & Mixtures Spring 2012.Day 2
Elements, Compounds & Mixtures Spring 2012.Day 2Elements, Compounds & Mixtures Spring 2012.Day 2
Elements, Compounds & Mixtures Spring 2012.Day 2jmori1
 
Leen je homepage uit-actie Serious Request 2009
Leen je homepage uit-actie Serious Request 2009Leen je homepage uit-actie Serious Request 2009
Leen je homepage uit-actie Serious Request 2009Martijn Hulst
 
Porter Book
Porter BookPorter Book
Porter BookApril Biss, MA
 
Quelques questions de fond pour des strategies rationnelles de cheminee Sydne...
Quelques questions de fond pour des strategies rationnelles de cheminee Sydne...Quelques questions de fond pour des strategies rationnelles de cheminee Sydne...
Quelques questions de fond pour des strategies rationnelles de cheminee Sydne...3chemineebio-encastrable
 
Jemcalculoi3
Jemcalculoi3Jemcalculoi3
Jemcalculoi3Eronildo Melo
 
Open Data | Projectoproep Ondernemingsvriendelijke gemeente 2014
Open Data | Projectoproep Ondernemingsvriendelijke gemeente 2014Open Data | Projectoproep Ondernemingsvriendelijke gemeente 2014
Open Data | Projectoproep Ondernemingsvriendelijke gemeente 2014Raf Buyle
 
Am swedish presentation klein-seminar
Am swedish presentation klein-seminarAm swedish presentation klein-seminar
Am swedish presentation klein-seminarAmanda Bilek
 

Recommandé

Emmanuel Pagan Vazquez Resume
Emmanuel Pagan Vazquez Resume Emmanuel Pagan Vazquez Resume
Emmanuel Pagan Vazquez Resume emmanuel pagan vazquez
 
Elements, Compounds & Mixtures Spring 2012.Day 2
Elements, Compounds & Mixtures Spring 2012.Day 2Elements, Compounds & Mixtures Spring 2012.Day 2
Elements, Compounds & Mixtures Spring 2012.Day 2jmori1
 
Leen je homepage uit-actie Serious Request 2009
Leen je homepage uit-actie Serious Request 2009Leen je homepage uit-actie Serious Request 2009
Leen je homepage uit-actie Serious Request 2009Martijn Hulst
 
Porter Book
Porter BookPorter Book
Porter BookApril Biss, MA
 
Quelques questions de fond pour des strategies rationnelles de cheminee Sydne...
Quelques questions de fond pour des strategies rationnelles de cheminee Sydne...Quelques questions de fond pour des strategies rationnelles de cheminee Sydne...
Quelques questions de fond pour des strategies rationnelles de cheminee Sydne...3chemineebio-encastrable
 
Jemcalculoi3
Jemcalculoi3Jemcalculoi3
Jemcalculoi3Eronildo Melo
 
Open Data | Projectoproep Ondernemingsvriendelijke gemeente 2014
Open Data | Projectoproep Ondernemingsvriendelijke gemeente 2014Open Data | Projectoproep Ondernemingsvriendelijke gemeente 2014
Open Data | Projectoproep Ondernemingsvriendelijke gemeente 2014Raf Buyle
 
Am swedish presentation klein-seminar
Am swedish presentation klein-seminarAm swedish presentation klein-seminar
Am swedish presentation klein-seminarAmanda Bilek
 
ALGO BREVE DE UN BLOG
ALGO BREVE DE UN BLOGALGO BREVE DE UN BLOG
ALGO BREVE DE UN BLOGfaraon_duck
 
Indices 18 sep2013051422
Indices 18 sep2013051422Indices 18 sep2013051422
Indices 18 sep2013051422Investors Empowered
 
Seminari coordinaciópile 3 ceb
Seminari coordinaciópile 3 cebSeminari coordinaciópile 3 ceb
Seminari coordinaciópile 3 cebaingles
 
ექსკრეტორული სისტემა
ექსკრეტორული სისტემაექსკრეტორული სისტემა
ექსკრეტორული სისტემაa.sanamiani a.sanamiani
 
Modul Řízení značky
Modul Řízení značkyModul Řízení značky
Modul Řízení značkyEnterpriseCulturalHeritage
 
Manifesto do shopping popular
Manifesto do shopping popularManifesto do shopping popular
Manifesto do shopping popularJamildo Melo
 
PresentacióN1ppt
PresentacióN1pptPresentacióN1ppt
PresentacióN1pptguest85455c5
 
Abs 2
Abs 2Abs 2
Abs 2JsmithS
 
Thiago y diego la inmigracion e precidencias
Thiago y diego la inmigracion e precidenciasThiago y diego la inmigracion e precidencias
Thiago y diego la inmigracion e precidenciassextoaies
 
José antonio aragón roldán pte mpl de mixtepec
José antonio aragón roldán pte mpl de mixtepecJosé antonio aragón roldán pte mpl de mixtepec
José antonio aragón roldán pte mpl de mixtepecmegaradioexpress
 
Sspp seminar 2014 #2
Sspp seminar 2014 #2Sspp seminar 2014 #2
Sspp seminar 2014 #2John Douglas
 
Data Breach from the Inside Out
Data Breach from the Inside Out Data Breach from the Inside Out
Data Breach from the Inside Out The Lorenzi Group
 
ROAR in Real Like: Heartbeat Helper
ROAR in Real Like: Heartbeat HelperROAR in Real Like: Heartbeat Helper
ROAR in Real Like: Heartbeat HelperThe Lorenzi Group
 
ROAR for IT Managers
ROAR for IT ManagersROAR for IT Managers
ROAR for IT ManagersThe Lorenzi Group
 
Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...
Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...
Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...The Lorenzi Group
 
The Many Faces of SHIELD
The Many Faces of SHIELDThe Many Faces of SHIELD
The Many Faces of SHIELDThe Lorenzi Group
 
ROAR Provides Peace of Mind in Digital Enviroments
ROAR Provides Peace of Mind in Digital EnviromentsROAR Provides Peace of Mind in Digital Enviroments
ROAR Provides Peace of Mind in Digital EnviromentsThe Lorenzi Group
 
ROARing Compliance
ROARing ComplianceROARing Compliance
ROARing ComplianceThe Lorenzi Group
 
ROAR in Real Life: Picture Perfect
ROAR in Real Life: Picture PerfectROAR in Real Life: Picture Perfect
ROAR in Real Life: Picture PerfectThe Lorenzi Group
 
ROAR in Pictures: Biking
ROAR in Pictures: BikingROAR in Pictures: Biking
ROAR in Pictures: BikingThe Lorenzi Group
 
DDoS Explained
DDoS ExplainedDDoS Explained
DDoS ExplainedThe Lorenzi Group
 
Digital Forensics: The Employees' Dilemma
Digital Forensics: The Employees' DilemmaDigital Forensics: The Employees' Dilemma
Digital Forensics: The Employees' DilemmaThe Lorenzi Group
 

Contenu connexe

En vedette

ALGO BREVE DE UN BLOG
ALGO BREVE DE UN BLOGALGO BREVE DE UN BLOG
ALGO BREVE DE UN BLOGfaraon_duck
 
Seminari coordinaciópile 3 ceb
Seminari coordinaciópile 3 cebSeminari coordinaciópile 3 ceb
Seminari coordinaciópile 3 cebaingles
 
ექსკრეტორული სისტემა
ექსკრეტორული სისტემაექსკრეტორული სისტემა
ექსკრეტორული სისტემაa.sanamiani a.sanamiani
 
Manifesto do shopping popular
Manifesto do shopping popularManifesto do shopping popular
Manifesto do shopping popularJamildo Melo
 
Thiago y diego la inmigracion e precidencias
Thiago y diego la inmigracion e precidenciasThiago y diego la inmigracion e precidencias
Thiago y diego la inmigracion e precidenciassextoaies
 
José antonio aragón roldán pte mpl de mixtepec
José antonio aragón roldán pte mpl de mixtepecJosé antonio aragón roldán pte mpl de mixtepec
José antonio aragón roldán pte mpl de mixtepecmegaradioexpress
 
Sspp seminar 2014 #2
Sspp seminar 2014 #2Sspp seminar 2014 #2
Sspp seminar 2014 #2John Douglas
 

En vedette (11)

ALGO BREVE DE UN BLOG
ALGO BREVE DE UN BLOGALGO BREVE DE UN BLOG
ALGO BREVE DE UN BLOG
 
Indices 18 sep2013051422
Indices 18 sep2013051422Indices 18 sep2013051422
Indices 18 sep2013051422
 
Seminari coordinaciópile 3 ceb
Seminari coordinaciópile 3 cebSeminari coordinaciópile 3 ceb
Seminari coordinaciópile 3 ceb
 
ექსკრეტორული სისტემა
ექსკრეტორული სისტემაექსკრეტორული სისტემა
ექსკრეტორული სისტემა
 
Modul Řízení značky
Modul Řízení značkyModul Řízení značky
Modul Řízení značky
 
Manifesto do shopping popular
Manifesto do shopping popularManifesto do shopping popular
Manifesto do shopping popular
 
PresentacióN1ppt
PresentacióN1pptPresentacióN1ppt
PresentacióN1ppt
 
Abs 2
Abs 2Abs 2
Abs 2
 
Thiago y diego la inmigracion e precidencias
Thiago y diego la inmigracion e precidenciasThiago y diego la inmigracion e precidencias
Thiago y diego la inmigracion e precidencias
 
José antonio aragón roldán pte mpl de mixtepec
José antonio aragón roldán pte mpl de mixtepecJosé antonio aragón roldán pte mpl de mixtepec
José antonio aragón roldán pte mpl de mixtepec
 
Sspp seminar 2014 #2
Sspp seminar 2014 #2Sspp seminar 2014 #2
Sspp seminar 2014 #2
 

Plus de The Lorenzi Group

Data Breach from the Inside Out
Data Breach from the Inside Out Data Breach from the Inside Out
Data Breach from the Inside Out The Lorenzi Group
 
ROAR in Real Like: Heartbeat Helper
ROAR in Real Like: Heartbeat HelperROAR in Real Like: Heartbeat Helper
ROAR in Real Like: Heartbeat HelperThe Lorenzi Group
 
Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...
Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...
Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...The Lorenzi Group
 
ROAR Provides Peace of Mind in Digital Enviroments
ROAR Provides Peace of Mind in Digital EnviromentsROAR Provides Peace of Mind in Digital Enviroments
ROAR Provides Peace of Mind in Digital EnviromentsThe Lorenzi Group
 
ROAR in Real Life: Picture Perfect
ROAR in Real Life: Picture PerfectROAR in Real Life: Picture Perfect
ROAR in Real Life: Picture PerfectThe Lorenzi Group
 
Digital Forensics: The Employees' Dilemma
Digital Forensics: The Employees' DilemmaDigital Forensics: The Employees' Dilemma
Digital Forensics: The Employees' DilemmaThe Lorenzi Group
 
Rising Cost of Child Porn Defense
Rising Cost of Child Porn DefenseRising Cost of Child Porn Defense
Rising Cost of Child Porn DefenseThe Lorenzi Group
 
Security Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud ExaminersSecurity Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud ExaminersThe Lorenzi Group
 
So, You Want To Work In Digital Forensics....
So, You Want To Work In Digital Forensics....So, You Want To Work In Digital Forensics....
So, You Want To Work In Digital Forensics....The Lorenzi Group
 
Digital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next FrontierDigital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next FrontierThe Lorenzi Group
 
Digital Forensics & eDiscovery for the Financial Executive
Digital Forensics & eDiscovery for the Financial ExecutiveDigital Forensics & eDiscovery for the Financial Executive
Digital Forensics & eDiscovery for the Financial ExecutiveThe Lorenzi Group
 
Digital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesDigital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesThe Lorenzi Group
 
Active Network Monitoring brings Peace of Mind
Active Network Monitoring brings Peace of MindActive Network Monitoring brings Peace of Mind
Active Network Monitoring brings Peace of MindThe Lorenzi Group
 
Introduction to the Epsilon Data Breach
Introduction to the Epsilon Data BreachIntroduction to the Epsilon Data Breach
Introduction to the Epsilon Data BreachThe Lorenzi Group
 

Plus de The Lorenzi Group (20)

Data Breach from the Inside Out
Data Breach from the Inside Out Data Breach from the Inside Out
Data Breach from the Inside Out
 
ROAR in Real Like: Heartbeat Helper
ROAR in Real Like: Heartbeat HelperROAR in Real Like: Heartbeat Helper
ROAR in Real Like: Heartbeat Helper
 
ROAR for IT Managers
ROAR for IT ManagersROAR for IT Managers
ROAR for IT Managers
 
Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...
Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...
Why ROAR makes CENTS: An Insiders Guide to Saving Clients Money (While Protec...
 
The Many Faces of SHIELD
The Many Faces of SHIELDThe Many Faces of SHIELD
The Many Faces of SHIELD
 
ROAR Provides Peace of Mind in Digital Enviroments
ROAR Provides Peace of Mind in Digital EnviromentsROAR Provides Peace of Mind in Digital Enviroments
ROAR Provides Peace of Mind in Digital Enviroments
 
ROARing Compliance
ROARing ComplianceROARing Compliance
ROARing Compliance
 
ROAR in Real Life: Picture Perfect
ROAR in Real Life: Picture PerfectROAR in Real Life: Picture Perfect
ROAR in Real Life: Picture Perfect
 
ROAR in Pictures: Biking
ROAR in Pictures: BikingROAR in Pictures: Biking
ROAR in Pictures: Biking
 
DDoS Explained
DDoS ExplainedDDoS Explained
DDoS Explained
 
Digital Forensics: The Employees' Dilemma
Digital Forensics: The Employees' DilemmaDigital Forensics: The Employees' Dilemma
Digital Forensics: The Employees' Dilemma
 
Rising Cost of Child Porn Defense
Rising Cost of Child Porn DefenseRising Cost of Child Porn Defense
Rising Cost of Child Porn Defense
 
Security Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud ExaminersSecurity Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud Examiners
 
So, You Want To Work In Digital Forensics....
So, You Want To Work In Digital Forensics....So, You Want To Work In Digital Forensics....
So, You Want To Work In Digital Forensics....
 
Digital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next FrontierDigital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next Frontier
 
Digital Forensics & eDiscovery for the Financial Executive
Digital Forensics & eDiscovery for the Financial ExecutiveDigital Forensics & eDiscovery for the Financial Executive
Digital Forensics & eDiscovery for the Financial Executive
 
Digital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesDigital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR Executives
 
eDiscovery IS Data Security
eDiscovery IS Data SecurityeDiscovery IS Data Security
eDiscovery IS Data Security
 
Active Network Monitoring brings Peace of Mind
Active Network Monitoring brings Peace of MindActive Network Monitoring brings Peace of Mind
Active Network Monitoring brings Peace of Mind
 
Introduction to the Epsilon Data Breach
Introduction to the Epsilon Data BreachIntroduction to the Epsilon Data Breach
Introduction to the Epsilon Data Breach
 

Dernier

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Dernier (20)

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

The long term effects of Symantec's Code Leak

  • 1. SYMANTEC CODE RELEASED! SO WHAT? What it means to users The Lorenzi Group (C) 2012 THE LORENZI GROUP LLC
  • 2. SYMANTEC • Largest maker of security software for computers in the world • Based in Mountain View, CA USA • Sample of Brand Names: Symantec, Norton, Ghost, Veritas, Endpoint, • Publicly Traded: SYMC • F500 and S&P 500 • Employees: +18,000 • Revenue: $6B • NOTE: Symantec, Norton, Ghost, Veritas, & Endpoint are products and brand names own by Symantec Corporation. (C) 2012 THE LORENZI GROUP LLC
  • 3. EVENT • A hacker with the screen name “Yama Tough” from the Indian hacking group Lords of Dhramaraja penetrated a 3rd party’s IT security (NOTE: This unconfirmed 3rd party organization, held sensitive Symantec documentation) and stole the source code for Symantec’s Endpoint and AntiVirus products. (C) 2012 THE LORENZI GROUP LLC
  • 4. RESULTS • Confidential source code (the core software of the programs) has been released publicly by the hackers and posted online. • Symantec claims there will be little effect on users. • Experts disagree with Symantec’s assessment that this is a minor event and that it will not affect a significant amount of users. (C) 2012 THE LORENZI GROUP LLC
  • 5. WHY DO EXPERTS DISAGREE WITH SYMANTEC? 1. The software isn’t as old or out-dated as Symantec makes it appear 2. The software is currently being used by many organizations around the world 3. Most software today is built to be modular, meaning that pieces are created individually and connected together using code. This is done to create more flexibility and reduce design costs. It is unrealistic to think that some parts or all of this leaked code is not being used in some format or style in current or future Symantec software. 4. Even if none of the code is used in current software, the leaked and posted documentation gives hackers and professional criminals insight into the software languages being used by Symantec, the format of the code, the Symantec coding process, and ideas on how Symantec things about software security. (C) 2012 THE LORENZI GROUP LLC
  • 6. HOW DID THIS HAPPEN? • Set it and Forget it Security: • Symantec and it’s 3 rd party organizations set up AntiVirus, AntiSpyware, and Firewalls and do not actively monitor them. • Symantec does not have proper BAA’s (Business Associate Agreements) in place. • Symantec does not properly audit 3 rd parties that hold confidential data • Symantec and it’s 3 rd parties do not proactively monitor their networks and devices for anomalies • It is HIGHLY likely that “Yama Tough” or another member of Lords of Dhramaraja is an employee of Symantec or it’s 3 rd party partner. • Set It and Forget It Security is DEAD! Proactive monitoring of networks and devices 24x7, and the use of AV/AS software, Firewalls, and DLP devices, are the only way to protect data today. (C) 2012 THE LORENZI GROUP LLC
  • 7. WHY YOU SHOULD CARE • If you use Symantec software, you are at risk. NOTE: It can be ANY software from Symantec, not just their AntiVirus software. • If you have friends, family, peers, or interact with organizations that use Symantec software, you are at risk. • Expect to receive an increase of emails, posts, IM requests, and SPAM because of this. Accidently clicking on any of these may expose your data. (C) 2012 THE LORENZI GROUP LLC
  • 8. WHAT YOU CAN DO • Run all software updates for Operating Systems and Antivirus, AntiSpyware, and Firewall software. • Run Software and Firmware updates for Firewalls, DLP, and other security devices. • Educate employees on the potential new wave of threats, their risks, and how to avoid them. • Begin evaluating AntiVirus software from vendors other than Symantec. • Begin proactively monitoring all traffic on network devices, including those of remote and mobile workers. (C) 2012 THE LORENZI GROUP LLC
  • 9. THE LORENZI GROUP Digital Forensics Data Security Proactive Network & Device monitoring (Lorenzi ANM) Research & Reputation Management 866-632-9880 www.thelorenzigroup.com info@thelorenzigroup.com (C) 2012 THE LORENZI GROUP LLC