White-hat hackers have uncovered vulnerabilities on the websites of anti-virus firms that created a phishing risk. Cross-site scripting (XSS) bugs of varying severity were found on the websites of Symantec (here), Eset (here) and Panda Security (here) by Team Elite, the white-hat hackers who discovered the flaws. We notified all …
Out Of interest...
has El Reg ever being discovered to have a XSS or generally any security flaws?
There's not much in the way of confidential information here anyway.
Re: Out Of interest...
Of course there are confidential information here. Compromising messages posted by me as AC.
I think you made them made =(
That bug was fixed immediately after notifying the webmaster.
Rule of Thumb
Many web developers know it's a good rule-of-thumb to run htmlspecialchars() (PHP) or the like on ANY user-supplied information before displaying it back on a webpage. That they did not for a search string (Symantec) is a VERY serious oversight (at the least). Had it been some field on some obscure form, I might be able to pass it off as an accident...
unrepresentative icon warning
Fit this with Nrootn's SDDvsHackisWack website rickroll debacle
and buy Stemyanc with confidence !
- Analysis Oh no, Joe: WinPhone users already griping over 8.1 mega-update
- Leaked pics show EMBIGGENED iPhone 6 screen
- Opportunity selfie: Martian winds have given the spunky ol' rover a spring cleaning
- OK, we get the message, Microsoft: Windows Defender splats 1000s of WinXP, Server 2k3 PCs
- Episode 4 BOFH: Oh DO tell us what you think. *CLICK*