funsec mailing list archives

Security companies: Do as we say, not as we do


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Fri, 13 Jun 2008 07:46:00 -0400

http://www.theregister.co.uk/2008/06/13/security_giants_xssed/

Security researchers have identified cross-site scripting (XSS) issues on
the websites of three IT security heavyweights. Coding flaws on the websites
of McAfee, Symantec and VeriSign create a possible mechanism for hackers to
launch phishing or malware attacks, according to security watchdog XSSed.

Cross-site scripting vulnerabilities create a way for miscreants to insert a
script that redirects users to another website. Alternatively the bugs may
make it possible to insert an 'iFrame' that displays the contents of a site
under the control of hackers in the context of a vulnerable (trusted) site.
XSSed has unearthed
<http://www.xssed.com/news/72/Verisign_McAfee_and_Symantec_sites_can_be_used_for_phishing_due_to_XSS>
30 cross-site scripting flaws on the sites of McAfee, Symantec and Verisign.

...

 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
