Endpoint Protection

Hello,

the recent breach of company "Hacking Team" provided a lot of data regarding their internals activity.

It seems also that Symantec agreed to sign a "code signing certificate" for "Hacking Team" (the core business of the company was to sell exploits, spyware and hacks!!!!!!!).

See GITHUB linked from:

http://www.csoonline.com/article/2947718/data-breach/recapped-a-quick-round-up-of-developments-since-hacking-team-was-hacked.html

https://twitter.com/ydklijnsma/status/619998030490693632

1) What's the position of Symantec regarding the recent "Hacking Team" archive leak?

2) Does Symantec scrutinize thoroughly its customers before issuing certificates (=trust)?? Symantec isn't "Godaddy" I think, it's a security company... shouldn't give away certificates easily without proper verification.

3) Do Symantec product now detect "Hackign Team" spywares? thanks

For 1 and 2, don't expect an answer any time soon.

For 3, see the security response blog here:

https://www-secure.symantec.com/connect/blogs/third-adobe-flash-zero-day-exploit-cve-2015-5123-leaked-hacking-team-cache

Protection
Symantec and Norton products detect malicious code attempting to exploit the recent Flash Player zero-day vulnerabilities as follows:

• Exp.CVE-2015-5123
• Exp.CVE-2015-5122
• Exp.CVE-2015-5119

No, Symantec gave them the certificates with legit channels, as stated in the document.

Now, Symantec has revoked such certificates, acknowledging HackingTeam company as a malware company (or at least a company with dubious security practices).

To err is human and so symantec should really revise and tighten its certification workflow (it is a security company after all), also if this will raise the cost of issuing certificates.

Additional blog out with more protection added:

https://www-secure.symantec.com/connect/blogs/hacking-team-woes-adds-dangers-faced-internet-using-public