A challenge was put forth on Zero Day, and it has been answered.
Apparently, McAfee doesn't care about XSS on their own sites either.
I'll let the video speak for itself.
For the love of all thing good and proper, McAfee, please address this issue...for yourselves and the consumers who look to you to do the right thing.
Sincerely,
Russ McRee
del.icio.us | digg
Russ McRee's HolisticInfoSec™ includes articles and research, as well as feedback and an occasional rant. HolisticInfoSec™ promotes standards, simplicity, tooling and efficiency in achieving holistic information security.
Subscribe to:
Post Comments (Atom)
-
Continuing where we left off in The HELK vs APTSimulator - Part 1 , I will focus our attention on additional, useful HELK features to ... -
As you weigh how best to improve your organization's digital forensics and incident response (DFIR) capabilities heading into 2017, cons...
-
Ladies and gentlemen, for our main attraction, I give you...The HELK vs APTSimulator, in a Death Battle! The late, great Randy "Macho...
2 comments:
Ouch!
I can't believe a company would offer a product to certify to consumers that a site is ‘Hacker Safe’ or ‘PCI Compliant’ when they themselves cannot secure or sanitize their site.
PCI auditors, take note of these so called certifications falsely stating sites are secure to XSS when they are obviously not! From the videos you can see that the XSS attacks are not sophisticated and should have been found with good fuzzing tools.
This is truly outrageous!
-=Ghost=-
Post a Comment