A challenge was put forth on Zero Day, and it has been answered.
Apparently, McAfee doesn't care about XSS on their own sites either.
I'll let the video speak for itself.
For the love of all things good and proper, McAfee, please address this issue... for yourselves and the consumers who look to you to do the right thing.
Sincerely,
Russ McRee
2 comments:
Ouch!
I can't believe a company would offer a product to certify to consumers that a site is ‘Hacker Safe’ or ‘PCI Compliant’ when they themselves cannot secure or sanitize their site.
PCI auditors, take note of these so-called certifications falsely stating sites are secure to XSS when they are obviously not! From the videos you can see that the XSS attacks are not sophisticated and should have been found with good fuzzing tools.
This is truly outrageous!
-=Ghost=-