[Norton Ghost 12 Source Code Leak In C
Abdul Soumphonphakdy
An internet leak is the unauthorized release of information over the internet. Various types of information and data can be, and have been, "leaked" to the Internet, the most common being personal information, computer software and source code, and artistic works such as books or albums. For example, a musical album is leaked if it has been made available to the public on the Internet before its official release date.
Source code leaks are usually caused by misconfiguration of software like CVS or FTP which allow people to get source files through exploits, software bugs, or employees that have access to the sources or part of them revealing the code in order to harm the company.
Sometimes software developers themselves will intentionally leak their source code in an effort to prevent a software product from becoming abandonware after it has reached its end-of-life, allowing the community to continue development and support. Reasons for leaking instead of a proper release to public domain or as open-source can include scattered or lost intellectual property rights. An example is the video game Falcon 4.0[54][55] which became available in 2000; another one is Dark Reign 2.[56][57]
An Internet leak occurs when a party's confidential information is released to the public on the Internet. Various types of information and data can be, and have been, "leaked" to the Internet, the most common being personal information, computer software and source code, and artistic works such as books or albums. For example, a musical album is leaked if it has been made available to the public on the Internet before its official release date.
Source code leaks are usually caused by misconfiguration of software like CVS or FTP which allow people to get source files by exploiting, by software bugs, or by employees that have access to the sources of part of them revealing the code in order to harm the company.
Sometimes software developers themselves will intentionally leak their source code in an effort to prevent a software product from becoming abandonware after it has reached its end-of-life, allowing the community to continue development and support. Reasons for leaking instead of a proper release to public domain or as open-source can include scattered or lost intellectual property rights. An example is the video game Falcon 4.0[31][32] which became available in 2000; another one is Dark Reign 2,[33][34] which was released by an anonymous former Pandemic Studios developer in 2011. Another notable example is an archive of Infocom's video games source code which appeared from an anonymous Infocom source and was archived by the Internet Archive in 2008.[35]
A message was put up with the source code on Tuesday claiming the code had been taken more than a year ago and alleging Symantec had weak security products. The leak reportedly came from Anonymous' Twitter handles @AnonymousIRC and @Par_AnoIA.
The message read: "As you all see its fully 7z packed content, whats in it!? The loosely Source Code of Norton Utilities 2006 made by one of the worse security vendors on planet earth, Symantec! Also as many of you know this was planned back before Sabu was arrested. Yeah McAfee you suck too!"
This is not the first time Symantec's product source codes have been exposed. Earlier in January, hacker group Lord of Dharmaraja published a portion of Symantec's antivirus source code of its pcAnywhere product. The security vendor then admitted its servers had been hacked, but maintained it was unlikely its customers were affected by the leak.
When approached, Symantec said in an e-mail statement: "We have analyzed the code that was posted and concluded that it is the same code already posted by another group in January 2012. As we stated at that time, the 2006 version of Norton Utilities is no longer sold or supported.
"The current version of Norton Utilities has been completely rebuilt and shares no common code with Norton Utilities 2006. The code that has been posted for the 2006 version poses no security threat to users of the current version of Norton Utilities. Furthermore, we have no indications that the posting of this old code impacts the functionality or security of any other Symantec or Norton solutions."
Those who claim to be members of Anonymous have said for months that they were in possession of the source code, something that Symantec eventually admitted to, but only confirmed that a "segment" of the code leaked at the time.
The download file, at 1.07GB, appears to include the source code to a number of products within the software, including the consumer version, the corporate edition, and other files for Windows, Unix, and NetWare.
Attached to the file, a note calls for the release of the LulzSec hackers, who were taken down by the authorities this week. There was an exception of one name, however: "Sabu", or Hector Xavier Monsegur, who was the leader of the group, and suspected of working with the FBI to inform on his fellow hackers.
It is believed that the Indian authorities wanted access to the source code to ensure that the product was secure. Symantec agreed, and the code was inspected. But the source code was left to stagnate on a poorly-secured network which was then accessed by the hackers.
The anti-virus and security company previously said that the breach will "not affect any current Norton product". It added: "The current version of Norton Utilities has been completely rebuilt and shares no common code with Norton Utilities 2006. The code that has been posted for the 2006 version poses no security threat to users of the current version of Norton Utilities."
I tried GhostBSD before and found some issues with my T430. That said, Windows 10 wouldn't install on it either, had to reset the BIOS altogether to get anything sane happening. Maybe time I put GhostBSD back on it and start using it as a daily use machine again I think.
Yes, I had some problems with last year's version, but this update is much smoother and worked really nicely. I couldn't really find anything to criticize, in fact. But don't worry, I will go back and have a harder look. ;-)
The reason I took off GhostBSD was that closing or opening the lid would cause a crash. So I reinstalled Ubuntu - same thing. Thinking it had become hardwarily unreliable, I set it aside. Someone suggested resetting the BIOS - wasn't sure what good it would do, but it cured Ubuntu, so now I just need to try GBSD again.
A lid open/close hang or crash isn't necessarily a suspend/resume problem. I have Win10 on a Thinkpad T480s with the screen power action set to "None", and it still frequently hangs hard if the lid is closed and opened. There's some Thinkpad BIOS or screen-switch bug that's triggered just by the screen switch even if the OS is set to ignore it. Could be ACPI, could be telling the video driver to switch outputs... who knows.
I haven't tried updating the Thinkpad BIOS because I've had bad luck with Lenovo's BIOS updater in the past, bricking one machine. That one was fortunately still under warranty but I'm not eager to try it again. (Flashing the BIOS is a PC industry failure. There are too many irrecoverable failure modes. Machines should ship with two copies of the firmware and a hardware selection switch; it wouldn't add much to the cost.)
FYI, I've probably done that 1000's of times across a wide range of models and never had it brick a laptop. I think you were either really, really unlucky or there was some underlying fault neither the hardware or whatever OS you were running the updater on. Ditto with HPs and Dells.
In realty, as a field engineer of many years, it's always been company policy to flash the BIOS/firmware whenever a system board is being replaced under warranty, whether that be server[*], desktop, laptop, printer etc. (ditto for other firmware[**] on the system). I've had exactly one that has bricked in 20+ years and that was a building power outage during the update process.
Likewise, and so far as I recall we've only ever had one machine (a laptop) bricked by a BIOS update - fortunately still under warranty so they replaced the motherboard. Must have done it hundreds or thousands of times - mostly Dell machines: desktops, laptops and servers.
I am typing on macOS right now, but TBH, I like it a little bit less with every release. It's getting more and more closed and locked-down. Soon it will go Arm-only and then the Hackintosh world will end.
And that is a key problem: Macs remain fairly expensive. All mine are 2nd hand and all but one were free or cheap, but the Arm kit is much less amenable to ripping the back or bottom off and upgrading it with cheap used off-the-shelf bits: maxing out the RAM with 2nd hand DIMMs and cheapo 3rd party SSD and HDD.
That's where Linux comes in, but the big-name Linuxes are _also_ getting increasingly locked-down: harder to modify and infested with huge complicated fancy tools replacing the era of simple little Unix tools.
I see this time and again. And it's bollocks. I expect better from you, Liam. The feeling of being 'locked-down', as I'm sure you know, is largely down to SIP. This can very easily be disabled, but I wouldn't recommend it. Frankly, KEXTs are a terrible idea, no software should mess with the network stack or the kernel, and the /bin and /sbin should be treated as sacrosanct by the OS if needs be. And yes, developers should absolutely sign their code. Apple should make it easier for developers to do this, but by the same token, forcing it is a good thing.
>> It's getting more and more closed and locked-down. Soon it will go Arm-only ... Arm kit is much less amenable to ripping the back or bottom off and upgrading it with cheap used off-the-shelf bits: maxing out the RAM with 2nd hand DIMMs and cheapo 3rd party SSD and HDD.
Software developers are restricted in the features they can add to apps because of app review, default interpreters like Python are no longer included, incrementally more features are linked to subscriptions and Apple IDs, Safari addons must be distributed via the store.
795a8134c1