XSS flaws found in sites of multiple anti-virus firms

Security researchers have revealed that the websites of no fewer than six anti-virus firms are vulnerable to cross-site scripting flaws of a type that might lend itself to phishing attacks. Some of the firms involved have admitted problems, while others say the issues raised have either already been fixed or are erroneous …

COMMENTS

This topic is closed for new posts.
  1. Michael Walsh

    Typical

    It seems every time I'm asked to "fix" an infected PC (Vista or XP) it usually has McAfee installed. Of course Comcast is "giving" it to all their high speed internet customers. I just tell the client that their software is worth just what they paid for it.

    And the Symantec corporate AV that I use has decided that Reflexive Arcade games are all trojans and need to be quarantined. Ah well, back to the drawing boards...

  2. Anonymous Coward

    XHTML strict

    Let's get the whole web on XHTML strict - no iFrames (huzzah).

    Granted many payment system and 3D Secure integrations will break but what the hey, as far as I'm concerned frames of any stripe have always been a work of pure evil except possibly in closed systems (like CMS or VPN).

  3. Fugitif

    bullshit

    @Symantec

    All bugs were tested two days ago by one of Softpedia's editors and all worked well!

    You can see all screens in their article :)

  4. Anonymous Coward

    XSS Bleh

    XSS is everywhere!

    I had two XSS on the Lovefilm website, which they slightly patched, filtering just the < character.

    But most websites with search functions, I find, are vuln to XSS.
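
The partial fix mentioned in the comment above (dropping only the `<` character) can be compared with output encoding in a short added example, which is not part of the original thread. The search-box template and all function names are hypothetical, and the sample inputs are constructed.

```javascript
// Constructed example: a search page that reflects the query into an attribute.
// All function names here are hypothetical.

// The partial fix described in the comment: drop only the '<' character.
function stripLessThan(s) {
  return String(s).replace(/</g, '');
}

// Output encoding for HTML text and quoted-attribute contexts.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Render the search box, passing the query through the given sanitizer.
function renderSearchBox(query, sanitize) {
  return '<input type="text" name="q" value="' + sanitize(query) + '">';
}

// List the attribute names a parser would see on the rendered <input> tag.
function attributeNames(tagHtml) {
  const inner = tagHtml.replace(/^<input\s*/, '').replace(/>$/, '');
  const names = [];
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// True when the reflected value stayed inside value="..." and added no attribute.
function staysInAttribute(query, sanitize) {
  return attributeNames(renderSearchBox(query, sanitize)).join(',') === 'type,name,value';
}

// Constructed input: a double quote closes the attribute, so no '<' is needed.
// An injected attribute of any kind is accepted by the markup in the same way.
const sample = 'x" data-injected="1';
console.log('strip "<" only:', staysInAttribute(sample, stripLessThan));
console.log('encode output :', staysInAttribute(sample, encodeHtml));
```

Removing one character leaves the quote that delimits the attribute untouched, so the reflected value still alters the markup; encoding for the output context keeps it as data.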

  5. Anonymous Coward

    Yeah you can do a mock up screen can't you

    Not particularly hard. Ohh hack the planet, where's me layer tool.

  6. James O'Brien

    @Symantec

    "Symantec takes the security of its website very seriously and can confirm that no company or customer information was exposed."

    The fact that Symantec take security of anything "very seriously" just screams bullshit to me.

  7. Anonymous Coward

    it is the browser stupid

    It is a browser vulnerability and not a web server vulnerability that we see here.

    Yes, OK... if a website filters user input, etc., XSS attacks are REDUCED, but will never go away.

    On the other hand, if you DISABLE JavaScript and iframes in your WEB BROWSER, then XSS and PHISHING attacks are not just reduced, but something you DO NOT HAVE TO WORRY ABOUT. As in, you won't be a victim of XSS or phishing attacks.

    In summary, it is a browser vulnerability and people seem to think that it is a web server vulnerability.

  8. Chika

    Eh?

    Dirty Half Dozen? What has this got to do with a PRI Banger team?

  9. Andrew Clerk

    BitDefender is great

    BitDefender is the best, they didn't expose any customer data, and the software is great also. I have BitDefender Internet Security and it protects me 100% :)
