<br><div class="gmail_quote"><br><div class="im">"Sadly, we'll likely never know the answer."<br></div>how come ? attackers can easily post details on how they compromised the targets and to whom they belong and considering there could be a couple of names and , perhaps , some phones or emails included in such leak , it shouldnt be hard to connect the dots . the cybergames between Pakistani and Indian groups is going on for a very long time now and although people in forums and tweets are already making conclusions about the nature of this specific attack i'd be skeptic about it considering all that's happening around the world , say , the close ties between India and Israel , China's attempts to build military bases in Pakistan seeing the danger of U.S getting closer and the shit coming with these sorts of deals . i can not care less about the release of Symentec's products and if it has particularly any impact on its users . instead i'm wondering since both Pakistan and India have serious realworld Nuclear Arsenal ,and both countries were subject to very radical attacks of different types , this could be the start of a whole new serious concern <br>
<div><div></div><div class="h5">
<br><div class="gmail_quote">On Sat, Jan 7, 2012 at 12:24 AM, William Arbaugh <span dir="ltr"><<a href="mailto:warbaugh@gmail.com" target="_blank">warbaugh@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Security Week ran a story that Symantec's AV source was obtained (and soon to be released) via a compromise of an Indian Military Intelligence server. <a href="http://www.securityweek.com/symantec-investigating-possible-theft-norton-av-source-code" target="_blank">http://www.securityweek.com/symantec-investigating-possible-theft-norton-av-source-code</a><br>
<br>
Symantec issued a statement that the compromise and eventual release of the source does not place customers at risk since the source is 4+ years old. <a href="http://www.facebook.com/Symantec/posts/10150465997682876" target="_blank">http://www.facebook.com/Symantec/posts/10150465997682876</a><br>
<br>
Really? I guess they don't reuse code across product generations like most vendors.<br>
<a href="http://www.neowin.net/news/windows-has-a-17-year-old-un-patched-vulnerability" target="_blank">http://www.neowin.net/news/windows-has-a-17-year-old-un-patched-vulnerability</a><br>
<br>
The interesting question, however, is to whom in the Indian government did Symantec provide the source? I understand that major corporations provide source to a number of governments for a variety of reasons- mostly for sales and export approval. But did Symantec give it to the Indian Military Intelligence, or did the Indian intel community obtain it from another part of the Indian government? If the later, then any source provided to the Indian government is in Indian intel's hands. Sadly, we'll likely never know the answer.<br>
_______________________________________________<br>
Dailydave mailing list<br>
<a href="mailto:Dailydave@lists.immunityinc.com" target="_blank">Dailydave@lists.immunityinc.com</a><br>
<a href="http://lists.immunityinc.com/mailman/listinfo/dailydave" target="_blank">http://lists.immunityinc.com/mailman/listinfo/dailydave</a><br>
</blockquote></div><br>
</div></div></div><br>