McAfee Sites Vulnerable To XSS Attack

An anonymous reader notes that this weekend, ReadWriteWeb discovered a security hole on several McAfee sites, which lets any attacker piggyback on the company’s reputation and brand in order to distribute malware, Trojans, or anything else. The submitter adds an ironic coda to McAfee’s epic fail: “In the ‘how to HTML Injection’ section, the author provided the four steps needed to execute a simple, no-brainer injection, but unfortunately, exposed a hole in NY Times website when they republished the article. While the author changed the offending text to an image, the Times is still using the original story which redirects directly to ReadWriteWeb [via XSS].” From the RWW post: “During tests this weekend, we discovered the company who claims to ‘keep you safe from identity theft, credit card fraud…’ has several cross-site scripting vulnerabilities and provides the bad guys with a brilliant — albeit ironic — launching pad from which to unleash their attacks.”

Read more of this story at Slashdot.


Share

Tags: , ,

This entry was posted on Tuesday, May 5th, 2009 at and is filed under . You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.