Feeds

back to article XSS flaws found in sites of multiple anti-virus firms

Security researchers have revealed that the websites of no less than six anti-virus firms are vulnerable to cross-site scripting flaws, of a type that might lend themselves to phishing attacks. Some of the firms involved have admitted problems, while others say the issues raised have either already been fixed or are erroneous. …

COMMENTS

This topic is closed for new posts.
Unhappy

Typical

It seems every time I'm asked to "fix" an infected PC (Vista or XP) it usually has McAfee installed. Of course Comcast is "giving" it to all their high speed internet customers. I just tell the client that their software is worth just what they paid for it.

And the Symantec corporate AV that I use has decided that Reflexive Arcade games are all trojans and need to be quarantined. Ah well, back to the drawing boards...

0
0
Anonymous Coward

XHTML strict

Let's get the whole web on XHTML strict - no iFrames (huzzah).

Granted many payment system and 3D Secure integrations will break but what the hey, as far as I'm concerned frames of any stripe have always been a work of pure evil except possibly in closed systems (like CMS or VPN).

0
0
Thumb Down

bullshit

@Symantec

All bugs have been tested two days ago by one of softpedia editor and all worked well !

You can see all screens in their article :)

0
0
Linux

XSS Bleh

XSS is everywhere!

I had two XSS on the lovefilm website. Which they slightly patched

Filtering just the < character

But most websites with search functions. I find are vuln to XSS

0
0
Anonymous Coward

Yeah you can do a mock up screen can't you

Not particularly hard. Ohh hack the planet, where's me layer tool.

0
0
Thumb Down

@Symantec

"Symantec takes the security of its website very seriously and can confirm that no company or customer information was exposed."

The fact that Symantec take security of anything "very seriously" just screams bullshit to me.

0
0
Anonymous Coward

it is the browser stupid

It is a browser vulnerability and not web server vulnerability that we see here.

yes, ok...if a website filters user input..etc., xss attacks are REDUCED, but will never go away

on the other hand, if you DISABLE javascript and iframes on your WEB BROWSER, then XSS, PHISHING attacks are not just reduced, but something you DO NOT HAVE TO WORRY ABOUT. As in, you won't be a victim of xss or phishing attacks.

In Summary, it is browser vulnerability and people seem to think that it is a web server vulnerability.

0
0
Bronze badge
Coat

Eh?

Dirty Half Dozen? What has this got to do with a PRI Banger team?

0
0
Alert

BitDefender is great

BitDefender is the best, they didn't exposed any customer data, and the software is great also. I have bitdefender internet security and it protects me 100% :)

0
0
This topic is closed for new posts.