Symantec's 'Submit a Deal' Flawed

Thursday, 30 January 2003, 12:00 PM EST

A security glitch at Symantec's corporate website revealed to casual Web surfers hundreds of proposals from companies seeking to be bought out by the security firm.

The hole at Symantec's Submit a Deal site has some would-be buyout targets fuming over the billion-dollar company's careless handling of their sensitive data.

"We're talking about business deals. This is critical stuff, and I'm pretty upset about the potential damage this could do to us," said Eric Robichaud, chief executive of Rhode Island Soft Systems. RISS' proposal that Symantec acquire its Vmyths virus information site was among the many proffered deals revealed on the site.

After being notified this week that entries in its Lotus Notes database could be viewed by anyone with a Web browser, Symantec took the deal site offline. NGS Software, one of many security software companies that had submitted partnership proposals at the site, discovered the flaw.

Chris Paden, a spokesman for Symantec's business development group, said the company was unsure how long the data went unprotected. According to Paden, the information in the database was not confidential.

"It's not necessarily classified or covert information or tied up through legal bounds," he said.

But security industry analysts said the goof could be harmful to companies that opened their kimonos to Symantec.

[ Read more ]




Spotlight

A data security guy's musings on the OPM data breach train wreck

There is still way too much apathy when it comes to data-centric security. Given the sensitive data the OPM was tasked with protecting, it should have had state-of-the-art data protection, but instead it has become the poster child for IT security neglect.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Tue, Jul 28th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //