Hacker News
Anonymous releases stolen Symantec source code (thepiratebay.se)
116 points by __david__ on Feb 7, 2012 | 36 comments



Relevant:

"Symantec was prepared for the code to be posted at some point and has developed and distributed a series of patches since Jan. 23rd to protect pcAnywhere users against known vulnerabilities." [1]

If I am understanding this correctly, there were existing and known vulnerabilities that are being patched now because the source was published?

It looks like open source does make software more secure :)

[1]: http://www.symantec.com/theme.jsp?themeid=anonymous-code-cla...


I think there's a good chance that these patches are for backdoors that would be discovered looking at the source.

I await someone brave enough to get the source and publish a security analysis.


If there are backdoors which would be exposed by viewing the source, then Symantec is using security through obscurity.


No reason the security analysis can't be published anonymously as well.


This is full disclosure[1] principle in action, and why security experts actually like "hackers" like Anonymous[2].

[1]: http://en.wikipedia.org/wiki/Full_disclosure

[2]: http://risky.biz/lulzsec


I'm not sure I understand the motive of this, other than saber rattling. Are they really fighting for everything to be open sourced to this extreme extent? Or should we assume this is the "script-kiddie" arm of Anon doing this as opposed to the more "noble"[1] work we see sometimes?

[1]: debatable, and none of the above is necessarily what I believe


This is the AntiSec arm, which basically decided to simply attack security vendors and contractors to show them as snake oil salesmen. It wasn't really related to any sort of moral vision or goal, just fucking things up.


To be fair, exposing a snake oil salesman is a morally sound undertaking.


This has absolutely nothing to do with open-source. Please, don't confuse things. Also, it's not because the source code is now public that it became open.


The motive was apparently blackmail and an attempt to shake down Symantec for $50k: http://gizmodo.com/5883024/hackers-publish-symantecs-source-...


Though on twitter, Anonymous says it was Symantec trying to bribe them: https://twitter.com/#!/YourAnonNews/status/16689812134180454...


I don't know where you got that from. If you read the email thread it's clear Anon was asking for money from the beginning. It's clear extortion. How is that at all Symantec trying to bribe them?


> The motive was apparently blackmail and an attempt to shake down Symantec for $50k

Symantec was the one offering the bribe. Well it wasn't even Symantec, they lied, it was FBI.


Please remove this post as it is misinformation, whether intentional or not.


> According to the email exchange, he also said that he was going to publish these facts and the source code unless Symantec paid him $50,000.

Either I am completely misreading Gizmodo or they are lying. In either case it seems too late to remove the post.


I guess I'm surprised that anyone is still using it, given the proliferation of FOSS VNC software and the fact that both OS X and Windows now have their own remote desktop capability. Does pcAnywhere offer advantages over these?


It has the same advantage that any paid anti-virus has over a free one i.e. some sense that because you've paid for something it must be better. Or in plain English, no advantage at all.

The irony is that Windows has had damn near perfect remote desktop support since 2002. How they've hung on for 10 years is beyond me.


Would be very informative if someone would write a blog post about their findings in the source code.


Wow! I'm intrigued and curious by what the "time bomb word docs" might contain. I don't really want the feds knocking on my door! Guess I will have to take a pass pulling this source code apart.


Honestly, a quick poll, does anyone actually still use PC Anywhere?


I have one customer that uses it to remotely access Bloomberg terminals because the Bloomberg software can detect if you're connecting via remote desktop and bar access to it. Of course, after this, I'll be transitioning them to VNC...


I hope whoever's blackmailing Symantec gets jailed.


So is Anonymous going to be the Malcolm X to RMS's Martin Luther King, Jr.? Shift the Overton Window to make the GPL look like the most moderate, reasonable option?


No, because this actually has nothing to do with FOSS.


There's a big, big difference between making the code you write freely available and stealing other people's code in order to make it public.


Yes, quite like the difference between nonviolent protest for integration and armed militant separatism as independent attempts at dissolving the white man's oppression of African-Americans.

You missed his analogy completely.


No I didn't. He was trying to imply these things are somehow poles on the same scale. They're not. For one thing, FOSS is already seen as perfectly reasonable by everyone but PR flacks from Microsoft and Oracle.

It's more like your idiot kid brother robs a bank, and now nobody in the neighborhood trusts you any more.


Have you read any of Stallman's more political and moral manifestos?


Anonymous: The militant wing of the FSF?

"Ve vill free all ze codes! Open zource everyzing!"

In all seriousness, though, this is not helping the community or fellow anons.


What in the world do you think this has to do with the FSF? How is releasing proprietary code at all similar to open sourcing it?

I'm really failing to understand how you made this association or why you think their intent was driven by desire to expose all code. From the torrent description it appears they are trying to out something that Symantec did wrong, not simply release the code.


They opened the source to the world, did they not?

(yes, yes, I know the difference, but in the right light this is funny, no? Releasing the source code has gone beyond mere piracy to active liberation!)


If you know the difference, why mention the FSF?

Not only is this code not free, it's toxic. If anyone does or wants to work on free or open source software, I suggest not even looking into this codebase.


So, kind of like the GPLv3 or AGPLv3?


i realize that copyleft proponents and permissive license proponents tend to have different views, but painting everyone that disagrees with you as "zealots" and taking cheap pot shots like the ones you see increasingly on hn is pretty intellectually dishonest.

everyone knows that open source has successfully overshadowed free software. no need to continue to marginalize them more than has already been done, you win. they'll try forever to be taken seriously, and everyone will try very hard to miss the point.

also, while a lot of people on hn seem to think that permissive licensing is the only way to do it, most copyleft proponents do think there is a place for permissive licensing. so pretending it's the people calling for more than one solution "zealots" is especially silly.

tl;dr but as long as you outnumber them, you can tell everyone they're the zealots, and as long as you outnumber them you can win the argument (the accusation) by popular support. 100 million open source advocates can't be wrong, (and even if they were, who cares?)


Curiously, this comment thread distinctly shows the two groups of people currently on HN - preconventional & postconventional.


I've gone through the email conversation, I feel like they didn't really just want the money. A blackmailer doesn't just ask:

"SO - you told us a week ago that you've being requesting a response from Fin dprtmnt. We got no answer for the below question so far: ?How much do you consider ENOUGH to pay us in order to work all the issues out?"

He knows the value of what he got.



