Tuesday, May 13, 2008

McAfee is NOT McAfee Secure

A challenge was put forth on Zero Day, and it has been answered.
Apparently, McAfee doesn't care about XSS on their own sites either.
I'll let the video speak for itself.
For the love of all thing good and proper, McAfee, please address this issue...for yourselves and the consumers who look to you to do the right thing.
Sincerely,
Russ McRee

del.icio.us | digg

2 comments:

Anonymous said...

Ouch!
I can't believe a company would offer a product to certify to consumers that a site is ‘Hacker Safe’ or ‘PCI Compliant’ when they themselves cannot secure or sanitize their site.

PCI auditors, take note of these so called certifications falsely stating sites are secure to XSS when they are obviously not! From the videos you can see that the XSS attacks are not sophisticated and should have been found with good fuzzing tools.
This is truly outrageous!

-=Ghost=-

techtalk said...
This comment has been removed by a blog administrator.

Moving blog to HolisticInfoSec.io

toolsmith and HolisticInfoSec have moved. I've decided to consolidate all content on one platform, namely an R markdown blogdown sit...