Posts tagged as:

Symantec

Symantec: Beware Firefox mal-extensions

by certifiedbug on December 7, 2009

in Browser

According to Symantec senior engineer Candid Wüest, the company has “recently observed an increase in malware that drops malicious BHOs, Firefox extensions, and even Opera user scripts… to maximize their impact on a user’s machine.”

One avenue that’s taken is to drop the malicious extension directly into Firefox’s components directory. This means it will be automatically loaded with the browser, but will not show up in the Add-ons window.

Consequently, users are unlikely to know that the extension has been added, or see a mechanism to remove it.

http://www.itwire.com/content/view/29853/53/

{ 0 comments }

Symantec Website SQL injection

by certifiedbug on November 23, 2009

in Internet Security

Romanian hacker Unu posted on his blog that he had located a critical SQL injection vulnerability in a website belonging to security company Symantec.

If you remember, in February, Kaspersky faced with a sql injection. Then they had the courage to admit vulnerability, why have my admiration. There was fair play, they quickly secured vulnerable parameter, and even if at first they were very angry at me, finally understood that I did not extract, I saved nothing, I have not abused in any way by the data found. My goal was, what is still, to warn. To call attention.

Softpedia

In an e-mail to Softpedia, Symantec has confirmed the existence of a vulnerabiliy in the pcd.symantec.com. Here is the full statement we received:

“A SQL injection vulnerability has been identified at pcd.symantec.com. The Web site facilitates customer support for users of Symantec’s Norton-branded products in Japan and South Korea only. This incident does not affect Symantec customers anywhere else in the world.

“This incident impacts customer support in Japan and South Korea but does not affect the safety and usage of Symantec’s Norton-branded consumer products. Symantec is currently in the process of updating the Web site with appropriate security measures and will bring it back online as soon as possible. Symantec is still investigating the incident has no further details to share at this time.”

http://news.softpedia.com/news/Symantec-Online-Store-Hacked-127726.shtml

{ 0 comments }

Symantec Support deleted popular security program

May 13, 2009

Monday, May 11, 2009
This week I was surprised to hear that a Symantec support rep actually told a customer that WinPatrol was a virus and during a remote assistance phone call they deleted WinPatrol from their system.
Bits from Bill: Symantec Support says WinPatrol is a Virus

HPHosts:
Symantec charges $99 to remove WinPatrol “virus” (aka Symantec [...]

Read the full article →

Symantec’s website vulnerability

April 16, 2009

April 14, 2009 Symantec issued a Press Release:
Internet Security Threat Report Finds Malicious Activity Continues to Grow at a Record Pace
Meanwhile in an ironic twist,
Dan Goodwin reported 15th April 2009 that Symantec had gaping security holes on their website which could allow exploiters to remotely execute malicious code on visitors computers.
The Register: Attention Symantec: There’s [...]

Read the full article →

Symantec partnership with ASK

March 25, 2009

The wheels on the bus go round and round. $$$
Donna Buenaventura has a discussion thread at Calendar Of Updates.
Safe Search update
http://certifiedbug.com/blog/tag/ask/

Read the full article →

Symantec picks on the small guys?

December 3, 2006

In the security forums it is not uncommon to see posts from confused users asking why (upon installing a Symantec product) they were told other programs they already had installed, such as Spybot-Search and Destroy, were incompatible and should be removed.
Bill Pytlovany of Billp Studios WinPatrol writes:
There’s a new malicious bot program making the rounds [...]

Read the full article →