Thursday, January 17, 2008

Many 'Hacker Safe' Web Sites Found Vulnerable

Thomas Claburn writes on InformationWeek:

More than 60 Web sites certified to be "Hacker Safe" by McAfee's ScanAlert service have been vulnerable to cross-site scripting (XSS) attacks over the past year, including the ScanAlert Web site itself. While the XSS hole in the ScanAlert site and others have been addressed, some apparently have not, leaving visitors potentially vulnerable to client-side attacks.

Kevin Fernandez and Dimitris Pagkalos, two computer scientists who maintain XSSed.com, a site that has been tracking XSS vulnerabilities since February 2007, provided InformationWeek with a list of 62 Web sites certified as "Hacker Safe" on which XSS holes have been reported. The list includes brookstone.com, cafepress.com, cduniverse.com, gnc.com, mysecurewallet.nl, petsmart.com, and sportsauthority.com, among other familiar brands.

More here.

Note: geeks.com, which was recently compromised and had customer credit card numbers illegally accessed, was another "Hacker Safe" branded website. -ferg
