Winferno.com is an authorized distributor of McAfee Software. OK.
They use Verisign 128-bit SSL to secure your transaction. Can't take issue with that.
All good so far...but wait!
Shouldn't a McAfee Partner be McAfee Secure?
Apparently not, and being one wouldn't have cured the XSS blues anyway.
Next in our video series, a supposedly secure shopping cart that is far from.
Here's an IFRAME.
Here's the cookie.
As well we know, coughing up the cookie counts as a really bad thing for any shopping cart, let alone an SSL protected shopping cart that happens to be a McAfee Partner and authorized distributor of McAfee Software. But lest we forget, McAfee doesn't count XSS as concerning.
Here's the video.
Huge props to Ronald van den Heetkamp for starting this whole debate years ago, and for exposing Brett Oliphant for the fraud that he is.
Fraud is the key word here. Hacker Safe was fraudulent, McAfee Secure is fraudulent, and buying from Winferno puts consumers at risk for being defrauded, not only due to horrendous site code, but perhaps bad business practices as well.
I won't even ask if McAfee has any standards, we already know the answer.
Their standards have left the building.
del.icio.us | digg
Russ McRee's HolisticInfoSec™ includes articles and research, as well as feedback and an occasional rant. HolisticInfoSec™ promotes standards, simplicity, tooling and efficiency in achieving holistic information security.
Subscribe to:
Post Comments (Atom)
-
Continuing where we left off in The HELK vs APTSimulator - Part 1 , I will focus our attention on additional, useful HELK features to ... -
As you weigh how best to improve your organization's digital forensics and incident response (DFIR) capabilities heading into 2017, cons...
-
Ladies and gentlemen, for our main attraction, I give you...The HELK vs APTSimulator, in a Death Battle! The late, great Randy "Macho...
2 comments:
I am a McAfee employee. There are several things about this post that make no sense.
McAfee only has 5 distributors that are authorized to sell their products. Ingram Micro, Tech Data, MOCA, Avnet and Douglas Stewart. This company is not an authorized distributor of McAfee.
This company is also not a Partner of McAfee.
Just because something is posted on the internet does not make it true.
Thank you Anonymous McAfee employee, I wasn't sure if everything I read on the Intarweb was true. ;-)
In all seriousness, if ,in fact, your claims are valid, then you have a rogue vendor abusing your brand. McAfee was displaying the ad for Winferno on a regular basis.
If you haven't watched the video, where you'll see all their uses of the McAfee brand name, then refer to this Winferno URL.
Therein they refer to themselves as an authorized distributor of McAfee software with a McAfee Special Partner Offer.
Perhaps a cease and desist from your legal department might do the trick?
Post a Comment