Tuesday, May 13, 2008

McAfee is NOT McAfee Secure

A challenge was put forth on Zero Day, and it has been answered.
Apparently, McAfee doesn't care about XSS on their own sites either.
I'll let the video speak for itself.
For the love of all thing good and proper, McAfee, please address this issue...for yourselves and the consumers who look to you to do the right thing.
Sincerely,
Russ McRee

del.icio.us | digg

1 comment:

-=Ghost=- said...

Ouch!
I can't believe a company would offer a product to certify to consumers that a site is ‘Hacker Safe’ or ‘PCI Compliant’ when they themselves cannot secure or sanitize their site.

PCI auditors, take note of these so called certifications falsely stating sites are secure to XSS when they are obviously not! From the videos you can see that the XSS attacks are not sophisticated and should have been found with good fuzzing tools.
This is truly outrageous!

-=Ghost=-