Scripting bugs blight security giants' websites
Security researchers have identified cross-site scripting (XSS) issues on the websites of three IT security heavyweights. Coding flaws on the websites of McAfee, Symantec and VeriSign create a possible mechanism for hackers to launch phishing or malware attacks, according to security watchdog XSSed. Cross-site scripting …
Were they...
... HackerSafe?
Mine's the one with the "Certified Expert" badge sewn onto the pocket.
Please Select from the Standard Arguments
To save bandwidth and the time of good Reg readers, could commenters please select from the following standard arguments by number, rather than type out the whole comment each time. Combinations may be used.
(1) This wouldn't happen if you used Linux.
(2) This wouldn't happen if you used a Mac.
(3) M$ should take responsibility for it's lousy/insecure software.
(4) I've used Windows/IE for years and never had a problem.
(5) It's just more leverage for net security companies to sell products you don't need.
(6) It's all the stupid user's fault - clever users, like me, don't have problems.
(7) We should all use Firefox with the NoScript plugin for browsing and be done with it.
(8) We should all use Virtual Machine appliances for browsing and be done with it.
(9) We should all use LiveCDs for browsing and be done with it.
(10) Soon the net won't be safe for anything ....aarghhh! I'm a tea pot. I'm a tea pot.
Some hyperbole here I think...
Isn't it odd that when security companies or their software detect something - even if it might be a false positive - its the end of the world and the biggest risk since Parker went to the Bank of England with Lady P and a hair grip.
BUT when their software has a flaw or wastes to many resources then "its the price of security" - especaily when it is not.
AND when their site is bugged "the risk is of little consequence".
Don't get me started on how they almost all stopped (even their existing) support for win98 just because microsoft wouldn't hold their hand any longer. Thus increasing the number of insecure systems out there. It may not be a the main target and numbers may be dwindling but (for example) its 98 or linux on this old laptop I'm typing on (it really liked 95osr2c). And you have to hunt to find a linux thats small enough for this little RAM. But it works OK for browsing, docs, etc.
Sign up, sign up for The Register's weekly IT security newsletter - click here
Popular Whitepapers
- The BI Inflexion Point
Information is a right, not a privilege - Risk and Resilience
The application availability gamble - Register Research on: Agile development - is it right for you
Reaping the benefits of modern software practice - The Register Guide to managing spam
A primer on the implications for enterprise IT - The Register Guide to email security
A primer on the challenges of securing email and approaches to resolving them - High Performance for All
Responding to the needs of compute-intensive workloads
