Tuesday, May 20, 2008

McAfee Partner isn't McAfee Secure either

Winferno.com is an authorized distributor of McAfee Software. OK.
They use Verisign 128-bit SSL to secure your transaction. Can't take issue with that.
All good so far...but wait!
Shouldn't a McAfee Partner be McAfee Secure?
Apparently not, and being one wouldn't have cured the XSS blues anyway.
Next in our video series, a supposedly secure shopping cart that is far from.

Here's an IFRAME.
Here's the cookie.
As well we know, coughing up the cookie counts as a really bad thing for any shopping cart, let alone an SSL protected shopping cart that happens to be a McAfee Partner and authorized distributor of McAfee Software. But lest we forget, McAfee doesn't count XSS as concerning.
Here's the video.
Huge props to Ronald van den Heetkamp for starting this whole debate years ago, and for exposing Brett Oliphant for the fraud that he is.
Fraud is the key word here. Hacker Safe was fraudulent, McAfee Secure is fraudulent, and buying from Winferno puts consumers at risk for being defrauded, not only due to horrendous site code, but perhaps bad business practices as well.
I won't even ask if McAfee has any standards, we already know the answer.
Their standards have left the building.

del.icio.us | digg

2 comments:

Anonymous said...

I am a McAfee employee. There are several things about this post that make no sense.

McAfee only has 5 distributors that are authorized to sell their products. Ingram Micro, Tech Data, MOCA, Avnet and Douglas Stewart. This company is not an authorized distributor of McAfee.

This company is also not a Partner of McAfee.

Just because something is posted on the internet does not make it true.

Russ McRee said...

Thank you Anonymous McAfee employee, I wasn't sure if everything I read on the Intarweb was true. ;-)
In all seriousness, if ,in fact, your claims are valid, then you have a rogue vendor abusing your brand. McAfee was displaying the ad for Winferno on a regular basis.
If you haven't watched the video, where you'll see all their uses of the McAfee brand name, then refer to this Winferno URL.
Therein they refer to themselves as an authorized distributor of McAfee software with a McAfee Special Partner Offer.
Perhaps a cease and desist from your legal department might do the trick?

Moving blog to HolisticInfoSec.io

toolsmith and HolisticInfoSec have moved. I've decided to consolidate all content on one platform, namely an R markdown blogdown sit...