By Doug

PcAnywhere is a popular off-the-shelf remote access software package that allows personnel or vendors to access a business computer network remotely for various reasons.  Semantec, the developer of pcAnywhere has announced that the source code for pcAnywhere is believed to have been compromised in 2006 during a breach to their network.  A well known hacking group has recently claimed that they have the source code which may allow them to develop exploits which could potentially allow them to access the networks of businesses that use pcAnywhere.

Visa's Global Cyber Security Leader has indicated that "Visa highly recommends pcAnywhere and other unnecessary ports be disabled from the firewall to prevent POS systems from being compromised."  In addition, Semantec has provided a whitepaper regarding the source code compromise with recommendations to mitigate risk.  It is available here.  Please also note that PCI DSS requires that ports used for remote access be closed when not actively in use.

If your business uses pcAnywhere, your computer network may be vulnerable to being hacked.  Therefore, it is important that this information be forwarded to technical personnel, whether internal or external, so that appropriate assessment and action can be taken to secure your business network.  Small businesses that do not have internal IT resources may wish to forward this information to the entity that installed your network.