Thorsten Körner

Ausgerechnet die Webseiten des Security Anbieters McAfee sind per Crosssite Scripting (XSS) angreifbar. Dies meldet das Internet Newsportal Slashdot.org unter Berufung auf einen Artikel in ReadWriteWeb (rww) in dem der passende Exploit veröffentlicht wurde.
Das wirft sicher kein gutes Bild auf den Anbieter, der sich in einem hart umkämpften Marktsegment bewegt.

Via Slashdot | McAfee Sites Vulnerable To XSS Attack
An anonymous reader notes that this weekend, ReadWriteWeb discovered a security hole on several McAfee sites, which lets any attacker piggyback on the company’s reputation and brand in order to distribute malware, Trojans, or anything else. The submitter adds an ironic coda to McAfee’s epic fail: “In the ‘how to HTML Injection’ section, the author provided the four steps needed to execute a simple, no-brainer injection, but unfortunately, exposed a hole in NY Times website when they republished the article. While the author changed the offending text to an image, the Times is still using the original story which redirects directly to ReadWriteWeb [via XSS].” From the RWW post: “During tests this weekend, we discovered the company who claims to ‘keep you safe from identity theft, credit card fraud…’ has several cross-site scripting vulnerabilities and provides the bad guys with a brilliant — albeit ironic — launching pad from which to unleash their attacks.”