Symantec advises customers to stop using pcAnywhere
27 January 2012
Symantec has advised the customers of its pcAnywhere remote control application to stop using it until fixes for a list of vulnerabilities are issued.
According to a recent white paper published by Symantec, the risks to the users include:
- Man-in-the-middle attacks because of vulnerable encoding and encryption elements within the software.
- If the attackers get their hands on the cryptographic key they can launch remote control sessions and then gain access to systems and sensitive data. If the cryptographic key itself is using Active Directory credentials, they can also carry out other malicious activities on the network.
- If the attackers place a network sniffer on a customer’s internal network and have access to the encryption details, the pcAnywhere traffic - including exchanged user login credentials - could be intercepted and decoded.
The white paper also contains recommendations for minimizing the potential risk of using pcAnywhere, since some customers cannot stop using it because of its importance to their business.
A Symantec spokesperson said that fewer than 50,000 people used the standalone version of pcAnywhere - although the software was also bundled as part of other security packages.
pcAnywhere is also bundled in three Symantec products - Altiris Client Management Suite and Altiris IT Management Suite versions 7.0 or later, and Altiris Deployment Solution with Remote v7.1.
On the same day the white paper was published, Symantec also released a hotfix for two critical vulnerabilities in pcAnywhere that did not appear to be connected to the theft of the software's old source code.
Secure Encryption with Borer's FUSION Access Control System.
With Borer's Access Control System, data is read directly from the smart card to the reader controller for transmittal via the network without sending data across insecure interfaces such as Wiegand, clock and data, RS485, etc.
With Borer's Biometric Reader, cardholder data is fully encrypted using AES encryption. ISO- and ANSI-formatted biometric fingerprint templates ensure interoperability with other ISO- and ANSI-compliant sensors, ensuring continuity of supply by eliminating dependency on any one sensor manufacturer.