13 June 2008

Cross-site Scripting Vulnerabilities on Major Security Sites

The Web sites of three of the security industry's best-known companies include security flaws that could be used to launch scams against customers, according to a report.

The report, from security watchdog site XSSed, verified 30 cross-site scripting (XSS) vulnerabilities across the sites of McAfee, Symantec and VeriSign. The flaws could be used to launch scams or implant malicious code on the systems of visiting users, according to XSSed.

Recent research has shown that attackers are increasingly, even predominantly, using legitimate sites to host their malware, a tactic that makes the malware distribution sites more difficult to shut down.

Are you thinking what I'm thinking? If these snake oil peddlers cannot even secure their own systems, how do you suppose they can secure yours?

Related:

Is Security Software A Security Risk?

Security - Back To Basics

"Security" Peddlers

Unpatched Symantec flaw leads to U. of Colorado breach

Persistent zombie attacks target Symantec corporate software

Why Symantec sucks

McAfee and Symantec get vocal about Vista - but do they *really* have our best interests at heart?
