Overclock.net › Forums › Industry News › Software News › [CW] AntiSec leaks Symantec pcAnywhere source code after turning down $50k bribe to not release source code
New Posts  All Forums:Forum Nav:

[CW] AntiSec leaks Symantec pcAnywhere source code after turning down $50k bribe to not release source code - Page 6  

post #51 of 113
Symantec (or the FBI) offered 50K for a promise that they would not release the code and that they would lie that the hack was a hoax and never happened in the first place.To me, the fact that they offered money for them to lie about not being hacked makes Symantec equally guilty. They have thousands of customers and for a company that revolves all around computer security, knowing that they were victims to hackers would certainly hurt their integrity but they tried to sweep it all under the rug with a $50k bribe.
    
CPUMotherboardGraphicsRAM
i7 920 D0 @ 4,000,000,000,000,000μHz GIGABYTE G1 Guerilla XFX 5870 CF 6 GB G-Skill Tri-Channel DDR3 1600 
Hard DriveOSMonitorKeyboard
2x WD 500GB RAID 0 / Vertex 2 Extended 60GB OS Windows 7 Ultimate x64 HP w2207h 1680x1050 Sidewinder x6 
PowerCaseMouse
RMA HAF 932 Black Edition RAT 7 
  hide details  
    
CPUMotherboardGraphicsRAM
i7 920 D0 @ 4,000,000,000,000,000μHz GIGABYTE G1 Guerilla XFX 5870 CF 6 GB G-Skill Tri-Channel DDR3 1600 
Hard DriveOSMonitorKeyboard
2x WD 500GB RAID 0 / Vertex 2 Extended 60GB OS Windows 7 Ultimate x64 HP w2207h 1680x1050 Sidewinder x6 
PowerCaseMouse
RMA HAF 932 Black Edition RAT 7 
  hide details  
post #52 of 113
Quote:
Originally Posted by PoopaScoopa View Post

What part of "this is how the industry works" do you not get? The goal is to always make it public. Usually, only after they've given the vendor enough time to patch it, which they did here. Sometimes the vendors will ignore the warning and it will eventually get released publicly to force them to address it. I'm sorry you don't understand how the industry works but it's been like this because it works.

Dude, THIS is not how the industry works. Regardless of the speed at which Symantec released the fix, regardless of the prior actions that got them to release the fix, they released the fix before AntiSec decided to release the source code into the wild. It wasn't until after they did that their source code was released to the public. If the goal was to get them to patch their software, what's the point in releasing the code afterward? The problem was fixed. That's not how the industry works, and no amount of you saying it is will change that. If an entity is truly interested in the common good, they wouldn't douse a room with gasoline and spark a match as they run away. There's no use in that, there's no honorable statement in that other than saying, "see what we can do?"
    
CPUMotherboardGraphicsRAM
i5-2500K Biostar TP67B+ XFX HD5750 1GB 2x4GB DDR3 Corsair 1600 
Hard DriveOSMonitorPower
60GB OCZ SSD, 2x160GB HDD RAID0, 500GB+500GB+1.5TB Windows 7 Ultimate 64-bit Samsung SyncMaster 930B Antec SmartPower 450w 
Case
Antec 900 
  hide details  
    
CPUMotherboardGraphicsRAM
i5-2500K Biostar TP67B+ XFX HD5750 1GB 2x4GB DDR3 Corsair 1600 
Hard DriveOSMonitorPower
60GB OCZ SSD, 2x160GB HDD RAID0, 500GB+500GB+1.5TB Windows 7 Ultimate 64-bit Samsung SyncMaster 930B Antec SmartPower 450w 
Case
Antec 900 
  hide details  
post #53 of 113
Great. More fuel to help congress pass tighter anti "hacking" laws and I'm sure they will some how also use this to pass tighter "piracy" laws and use it as a reason why they have to censor the internet, because you know, we gotta stop the terrorist.

These hacking groups are not helping, they are just causing more damage than good.
post #54 of 113
Quote:
Originally Posted by konoii View Post

Great. More fuel to help congress pass tighter anti "hacking" laws and I'm sure they will some how also use this to pass tighter "piracy" laws and use it as a reason why they have to censor the internet, because you know, we gotta stop the terrorist.
These hacking groups are not helping, they are just causing more damage than good.

^This
While hackers may be good at hacking stuff, they sure don't look at the 'bigger picture'
They are the reason why we are going to lose our freedom on the net...
Obsiden V2.0
(18 items)
 
HP Touchpad
(0 items)
Random Tech Stuff
(27 photos)
CPUMotherboardGraphicsRAM
Intel Core I7 970 @ 4.2Ghz Asus Rampage Formula III ASUS GTX780 12GB G.Skill DDR3 1600 
Hard DriveHard DriveCoolingOS
Samsung 840  Toshiba 5tb Thermalright Silver Arrow Windows 10  
MonitorMonitorKeyboardPower
Auria 27" 1440p IPS @85hz Acer H243Hbmid 24"  Ducky Shine Zero TKL MX Browns OCZ 1010watt 
CaseMouseMouse PadAudio
Syrillian Built Tech Bench (Obsiden Silence) Zowie EC2 Blue SteelSeries QcK Mini Creative ZxR 
AudioAudio
KRK Rokkit 5 Gen2 Tonar USB Condesnsor Mic 
  hide details  
Obsiden V2.0
(18 items)
 
HP Touchpad
(0 items)
Random Tech Stuff
(27 photos)
CPUMotherboardGraphicsRAM
Intel Core I7 970 @ 4.2Ghz Asus Rampage Formula III ASUS GTX780 12GB G.Skill DDR3 1600 
Hard DriveHard DriveCoolingOS
Samsung 840  Toshiba 5tb Thermalright Silver Arrow Windows 10  
MonitorMonitorKeyboardPower
Auria 27" 1440p IPS @85hz Acer H243Hbmid 24"  Ducky Shine Zero TKL MX Browns OCZ 1010watt 
CaseMouseMouse PadAudio
Syrillian Built Tech Bench (Obsiden Silence) Zowie EC2 Blue SteelSeries QcK Mini Creative ZxR 
AudioAudio
KRK Rokkit 5 Gen2 Tonar USB Condesnsor Mic 
  hide details  
post #55 of 113
I don't see why anyone would feel sorry for anyone in this situation.

They left their source code vulnerable and it was their fault. It something can be taken, it will be. Kind of like the law of the universe, at least here on earth.

You leave a million dollars on the ground, yea someone is gonna take it. You put that million dollars on the ground, surrounded by a complex obstacle course, then it will still be taken, but not everyone will be able to take it, only the skilled people will be able to.

Losers weepers, finders keepers?

It seems like companies like this don't care enough about keeping anything secure, and that is all their fault, no one elses.
SB goodness
(14 items)
 
Core 2 duo
(9 items)
 
folder
(8 items)
 
CPUMotherboardGraphicsRAM
2500k @ 4.6ghz,1.47v 24/7 GIGABYTE GA-P67A-UD4-B3 $200 EVGA GTX 970 SSC @ 1505mhz 16gb 2400 SuperSC DDR3 
Hard DriveCoolingOSPower
960gb Sandisk Ultra II Corsair H100i v2 Windows 7 64-bit SeaSonic X650 Gold 
CaseMouseMouse Pad
Obsidian Series® 750D Airflow Edition Zowie FK 2 Speed by Surface/Steelseries SX/Steelseries 9HD 
CPUMotherboardGraphicsRAM
Core 2 Duo E6750 Asus P5n32-e SLI EVGA 8800gt superclocked @ 750/725 gaming/folding 4gb Fatal!ty ddr2 800 
Hard DriveCoolingOSPower
64gb SSD Stock Win 7 64 bit Corsair CX500 
Case
NZXT 
CPUMotherboardGraphicsRAM
Intel Pentium E6300 MSI G41M4-F GTX 460 2gb A-data ddr2 800 
Hard DriveOSPowerCase
150gb raptor Ubuntu 13.04 64-bit Coolmax 520W NZXT 
  hide details  
SB goodness
(14 items)
 
Core 2 duo
(9 items)
 
folder
(8 items)
 
CPUMotherboardGraphicsRAM
2500k @ 4.6ghz,1.47v 24/7 GIGABYTE GA-P67A-UD4-B3 $200 EVGA GTX 970 SSC @ 1505mhz 16gb 2400 SuperSC DDR3 
Hard DriveCoolingOSPower
960gb Sandisk Ultra II Corsair H100i v2 Windows 7 64-bit SeaSonic X650 Gold 
CaseMouseMouse Pad
Obsidian Series® 750D Airflow Edition Zowie FK 2 Speed by Surface/Steelseries SX/Steelseries 9HD 
CPUMotherboardGraphicsRAM
Core 2 Duo E6750 Asus P5n32-e SLI EVGA 8800gt superclocked @ 750/725 gaming/folding 4gb Fatal!ty ddr2 800 
Hard DriveCoolingOSPower
64gb SSD Stock Win 7 64 bit Corsair CX500 
Case
NZXT 
CPUMotherboardGraphicsRAM
Intel Pentium E6300 MSI G41M4-F GTX 460 2gb A-data ddr2 800 
Hard DriveOSPowerCase
150gb raptor Ubuntu 13.04 64-bit Coolmax 520W NZXT 
  hide details  
post #56 of 113
Thread Starter 
Quote:
Originally Posted by guyladouche View Post

It wasn't until after they did that their source code was released to the public.
That's not how the industry works

lachen.gif That's exactly how it works. You notify vendor of vulnerability, give them time to fix it and release vulnerability to the public after it's been patched.
Go to http://www.zerodayinitiative.com and learn how this works. People with malicious intent don't disclose their exploits to the public. They keep it to themselves to make a profit. It's quite simple actually, yet for some reason, too difficult for you to comprehend.


Quote:
Originally Posted by guyladouche View Post

what's the point in releasing the code afterward?
Read up and learn little one. It's all laid out right in front of you.
Edited by PoopaScoopa - 2/7/12 at 2:18pm
post #57 of 113
Quote:
Originally Posted by KarmaKiller View Post

^This
While hackers may be good at hacking stuff, they sure don't look at the 'bigger picture'
They are the reason why we are going to lose our freedom on the net...

If it wasn't for hackers we wouldn't even have an internet.
post #58 of 113
Quote:
Originally Posted by PoopaScoopa View Post

lachen.gif That's exactly how it works. You notify vendor of vulnerability, give them time to fix it and release vulnerability to the public after it's been patched.
Go to http://www.zerodayinitiative.com and learn how this works. People with malicious intent don't disclose their exploits to the public. They keep it to themselves to make a profit. It's very simple, yet for some reason, too complicated for you to comprehend.
Read up and learn little one. It's all laid out right in front of you.

Releasing source code after a fix is released which you demanded is malicious. That is not how the industry works.

Could Sym have listened better and reacted sooner? Of course. Does that excuse the unethical behavior of AntiSec on this issue? Not at all.

As I said--if the goal was to get Sym to release a fix, they accomplished that. Only after the fix was issued did they decide to release the source code. There's nothing altruistic or good about that.
    
CPUMotherboardGraphicsRAM
i5-2500K Biostar TP67B+ XFX HD5750 1GB 2x4GB DDR3 Corsair 1600 
Hard DriveOSMonitorPower
60GB OCZ SSD, 2x160GB HDD RAID0, 500GB+500GB+1.5TB Windows 7 Ultimate 64-bit Samsung SyncMaster 930B Antec SmartPower 450w 
Case
Antec 900 
  hide details  
    
CPUMotherboardGraphicsRAM
i5-2500K Biostar TP67B+ XFX HD5750 1GB 2x4GB DDR3 Corsair 1600 
Hard DriveOSMonitorPower
60GB OCZ SSD, 2x160GB HDD RAID0, 500GB+500GB+1.5TB Windows 7 Ultimate 64-bit Samsung SyncMaster 930B Antec SmartPower 450w 
Case
Antec 900 
  hide details  
post #59 of 113
Quote:
Originally Posted by PoopaScoopa View Post

If their intent was to be malicious, they never would of notified the vendor of the vulnerability and certainly wouldn't of made it public. They'd be actively exploiting it for profit among themselves. I realize this is too difficult for you understand but this is how the industry works. Most companies don't invest enough money into developing applications designed around security. It's easier to push the product out now and hope no one finds any vulnerabilities. Companies regularly pay compensation for disclosing this information to them. Google pays good money to security researchers who find exploits in their code.

Yes, it is difficult for me to understand why you hold illogical opinions as facts, PoopaScoopa. You really have no idea what you are talking about. The "real" security "experts" are under contracts and are often hired for their work. Antisec finds them, and just exploits them. These "experts" that Google and other companies hire are paid to find the holes to prevent people like Antisec from using them. If you ever have the experience of having your identity stolen, just don't worry about it. The thief behind it will simply report the data back to your bank and other places you are apart of. As a reward, he can keep all the money he stole and you can live with the damaged name.

OH LAWD, BUT Y U COMPARE EXPERT SECURITY RESEARCHERS TO IDENTITY THIEVES?
I'm not.

YOU WILL NEVER UNDERSTAND!!
You will never understand.

BUT BUT BUT OTHER COMPANIES PAYZ TEH GOOD MONEY FOR THIS KIND OF STUFF
No, they don't. Not from people like antisec. You don't see security firms relying on black-hats do you? No, they hire white-hats to prevent the black-hats from ruining them.
Mine
(19 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7-6700K 4.0GHz Quad-Core Asus Z170 PRO GAMING ATX LGA1151 EVGA GeForce GTX 1070 8GB SC Gaming ACX 3.0 G.Skill Ripjaws V Series 16GB (2 x 8GB) DDR4-3200 
Hard DriveHard DriveHard DriveHard Drive
PNY CS1311 480GB SSD Barracuda 500 WD 1000 WD 1000 
CoolingOSMonitorMonitor
Thermalright TRUE Spirit 140 POWER 73.6 CFM Windows 10 Acer S277HK 27" 4K Acer 23" 1080p 
MonitorKeyboardPowerCase
Acer 23" 1080p Razer Black Widow Ultimate EVGA SuperNOVA G2 550W 80+ Gold Corsair 330R Titanium Edition ATX 
Mouse
Logitech G303 Daedalus Apex 
  hide details  
Mine
(19 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7-6700K 4.0GHz Quad-Core Asus Z170 PRO GAMING ATX LGA1151 EVGA GeForce GTX 1070 8GB SC Gaming ACX 3.0 G.Skill Ripjaws V Series 16GB (2 x 8GB) DDR4-3200 
Hard DriveHard DriveHard DriveHard Drive
PNY CS1311 480GB SSD Barracuda 500 WD 1000 WD 1000 
CoolingOSMonitorMonitor
Thermalright TRUE Spirit 140 POWER 73.6 CFM Windows 10 Acer S277HK 27" 4K Acer 23" 1080p 
MonitorKeyboardPowerCase
Acer 23" 1080p Razer Black Widow Ultimate EVGA SuperNOVA G2 550W 80+ Gold Corsair 330R Titanium Edition ATX 
Mouse
Logitech G303 Daedalus Apex 
  hide details  
post #60 of 113
hahaha
Current Rig
(10 items)
 
Old
(11 items)
 
2014
(14 items)
 
CPUMotherboardGraphicsRAM
AMD Athlon 64 X2 3800+ Foxxconn 6150BK8MC 256MB ATI RADEON X800 PCIE 2.5 GB DDR400 
Hard DriveCoolingOSMonitor
80 GB Western Digital Thermaltake GunMet Orb MS Windows 7 Ultimate 64-bit Acer S230HL 
PowerCase
Allied SL-8360BTX ATX 350w Antec 300 
CPUMotherboardGraphicsRAM
AMD Athlon 64 3000+ K8 Combo-Z 256MB ATI Radeon 9550 / X1050 Series 1 GB 
Hard DriveOptical DriveOSMonitor
80 GB Western Digital OPTORITE CD-RW MS Windows XP Professional 32-bit SP3 Acer S230HL 23-Inch 
Power
Orion YH-480w 
CPUMotherboardGraphicsRAM
Intel i5-4670K MSI Z87-G45 MSI GTX 760 TF 2GD5 8GB G.SKILL Trident X DDR3-2400 
Hard DriveCoolingOSMonitor
Seagate Barracuda 500GB Cooler Master Hyper 212 EVO Microsoft Windows 10 Acer S230HL 23" 
KeyboardPowerCaseMouse
Logitech G105 SeaSonic M12II 620w 80+ Bronze Antec 300 Razer Deathadder 2013 
  hide details  
Current Rig
(10 items)
 
Old
(11 items)
 
2014
(14 items)
 
CPUMotherboardGraphicsRAM
AMD Athlon 64 X2 3800+ Foxxconn 6150BK8MC 256MB ATI RADEON X800 PCIE 2.5 GB DDR400 
Hard DriveCoolingOSMonitor
80 GB Western Digital Thermaltake GunMet Orb MS Windows 7 Ultimate 64-bit Acer S230HL 
PowerCase
Allied SL-8360BTX ATX 350w Antec 300 
CPUMotherboardGraphicsRAM
AMD Athlon 64 3000+ K8 Combo-Z 256MB ATI Radeon 9550 / X1050 Series 1 GB 
Hard DriveOptical DriveOSMonitor
80 GB Western Digital OPTORITE CD-RW MS Windows XP Professional 32-bit SP3 Acer S230HL 23-Inch 
Power
Orion YH-480w 
CPUMotherboardGraphicsRAM
Intel i5-4670K MSI Z87-G45 MSI GTX 760 TF 2GD5 8GB G.SKILL Trident X DDR3-2400 
Hard DriveCoolingOSMonitor
Seagate Barracuda 500GB Cooler Master Hyper 212 EVO Microsoft Windows 10 Acer S230HL 23" 
KeyboardPowerCaseMouse
Logitech G105 SeaSonic M12II 620w 80+ Bronze Antec 300 Razer Deathadder 2013 
  hide details  
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
This thread is locked  
Overclock.net › Forums › Industry News › Software News › [CW] AntiSec leaks Symantec pcAnywhere source code after turning down $50k bribe to not release source code