Even fully patched pcAnywhere installations vulnerable, says researcher


Even a fully patched pcAnywhere installation is vulnerable to remote attacks, according to a security researcher.  As reported by InformationWeek, Jonathan Norman, director of security research at Alert Logic wrote a short Python script called "PCAnywhere Nuke" that crashes a service associated with the remote access software. Looping the code repeatedly will essentially create a denial of service attack, says Norman.

When asked for comments about alleged exploit, a Symantec spokesman acknowledged in an email to Computerworld that "Symantec is aware of the posting and is investigating the claims." It is worth noting that Norman also wrote about having stumbled "on a few other flaws" in the course of his research in his terse blog entry.

This latest development comes almost a month after Symantec issued a call to drop the use of pcAnywhere in the wake of a code theft. The company has since issued an update to resolve known security problems, and correspondingly dropped the warning at the end of last month. At that time, some publications--including FierceCIO:TechWatch--have noted Symantec's apparent reticence to declare that a patched pcAnywhere installation is safe to use.

Well, the reason that the company has not made any promises may have to do with the age of the source code. A detailed analysis of the leaked source code by an anonymous researcher and published on the InfoSec Institute has challenged earlier assertions from Symantec that the stolen code was "old code" and "not in use."

The analysis referred to the well-commented source code, observing that: "Clearly core functionality in the product has and continues to exist today from the same code used for years." The unknown researcher went on to call pcAnywhere a "product of the dial-up Internet days" which has since been obsoleted by other more secure products, calling for businesses to uninstall it.

Is your company still using pcAnywhere for remote access? Do you have any plans to switch to something else?

For more:
- check out this article at Computerworld
- check out this article at InfoSec Institute

Related Articles:
Symantec drops warning against use of pcAnywhere, but questions remain
Symantec warns against use of pcAnywhere in wake of code theft
Hackers tried to extort $50K from Symantec over source code