funsec mailing list archives
Security companies: Do as we say, not as we do
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Fri, 13 Jun 2008 07:46:00 -0400
http://www.theregister.co.uk/2008/06/13/security_giants_xssed/ Security researchers have identified cross-site scripting (XSS) issues on the websites of three IT security heavyweights. Coding flaws on the websites of McAfee, Symantec and VeriSign create a possible mechanism for hackers to launch phishing or malware attacks, according to security watchdog XSSed. Cross-site scripting vulnerabilities create a way for miscreants to insert a script that redirects users to another website. Alternatively the bugs may make it possible to insert an 'iFrame' that displays the contents of a site under the control of hackers in the context of a vulnerable (trusted) site. XSSed has unearthed <http://www.xssed.com/news/72/Verisign_McAfee_and_Symantec_sites_can_be_used _for_phishing_due_to_XSS> 30 cross-site scripting flaws on the sites of McAfee, Symantec and Verisign. ...
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Security companies: Do as we say, not as we do Richard M. Smith (Jun 13)