Comments on: Inside Symantec's security bunker

What goes on behind the locked underground doors, as the company hunts down hacking attacks and tracks botnets?

[BlueLaser]

So why the nuke bunker?

I understand that digital security is a very serious issue and that some security threats can affect lives...but a nuclear bunker?

Is this really practical or just for show?

My Guess...

My guess is that they got a good deal for the facility from the British government. Governments often sell land, equipment or even decomissioned bunkers at below market values to reduce inventories they are not using.

[GrandpaN1947]

Newbies will see

this bunker story and think they are doing a great job. Personally, in the past I've found their software to be a pretty interface but largely ineffective. Perhaps they need a bunker so newbies will think they have it together, kind of like feeling safer with AOL :-)

[My-Self]

And they still could not detect the Sony Rootkit ...

That paranoia level seems designed to floor executives without real knowledge about computer security and it certainly works for that use.

One thing I'm still wondering is, how comes Symantec (and all others) could not detect the Sony Rootkit while it was reportedly infecting around 500000 machines and had done so for months.

The article defines emergency as "Emergency: There is a possibility of code being deposited on vulnerable machines". So did Symantec do as they say "If the situation is critical or an emergency, we pick the phone up and say to the customer 'You could be under attack,'" or did they rather phone Sony/BMG to work out an arrangement ?

Who else have such deals with Symantec ? Who else is authorised to exploit vulns and get away with it ?

Maybe it takes more than a cold war bunker to hide their dirty secrets ...

[The Harper]

But, they did detect it!

For what it's worth, the most recent version of both SAV (Symantec AV) and NAV (Norton AV) detected the Sony rootkit. If you go back to some of the first articles on the topic, one of the ways this particular rootkit was "discovered" was via Symantec Response, who then issued an advisory.

So your point is . . . ? ? ?

[Yog Sothoth]

Funny British quirk escapes in this article

to quote the article:
"If anyone gets past that, there's one last line of defense to deal with. "That's when I appear with a baseball bat," said Gordon May, Symantec's facilities manager."

Anyone who knows anything about British culture will find this comment hilarious.

(hint...it's about FIREARMS!!!)

I think I giggled for 10 minutes.

[n3td3v]

What I have

1. Banks of monitors for news tv channels world wide
2. Security news wire on Google Groups for e-mail based news.
3. Political radio phone-in discussion listened to at times of breaking news.
4. Two computers. one for visiting sites , other for software development and web development, with server facing the internet for honey potting.
5. Key word user name accounts on corporate I.M to honey the latest I.M phishing and virii threat.
6. Key word user name accounts on corporate E-mail to honey the latest Mail phishing and virii threat.
7. Connections to IRC, internet forums, mailing lists and interpersonal friending of suspected malicious users.
8. Connections to indivudal employees connected with big corporate web sites to feed back infos between each other.
9. A general internet presence under the "n3td3v" alias to let the internet and security community know of current feeling on news sites.
10. Propaganda mailings sent to corporations with recommendations of vulnerabilities and exploit and incident found to be current on the vendor's network and/ or software.