BSD Systems » Security http://bsdsystems.com Serving the Phoenix Metropolitan area in Arizona, including Glendale, Peoria, Scottsdale, Tempe, and Mesa as well as Cave Creek, Carefree, Desert Hills, Anthem and New River Sat, 28 Jan 2012 01:43:07 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Symantec tells customers to stop using pcAnywhere http://bsdsystems.com/security/symantec-tells-customers-to-stop-using-pcanywhere/ http://bsdsystems.com/security/symantec-tells-customers-to-stop-using-pcanywhere/#comments Sat, 28 Jan 2012 01:20:28 +0000 Eric http://bsdsystems.com/?p=412 On Wednesday, Symantic began asking customers of pcAnywhere, their premeir PC remote control application, to stop using it until they have developeed and released patches for a number of vulnerabilities. 

From their release document:

  • If the attackers place a network sniffer on a customer’s internal network and have access to the encryption details, the pcAnywhere traffic – including exchanged user login credentials – could be intercepted and decoded.
  • If the attackers get their hands on the cryptographic key they can launch remote control sessions and, thus, access to systems and sensitive data. If the cryptographic key itself is using Active Directory credentials, they can also carry out other malicious activities on the network. [emphasis added]

Frankly, I’ve not been particularly fond of single-signon solutions, such as Active Directory, just because of these types of problems.

Link: HELP-NET SECURITY – Symantec advises customers to stop using pcAnywhere

]]> http://bsdsystems.com/security/symantec-tells-customers-to-stop-using-pcanywhere/feed/ 0