back to article Scripting bugs blight security giants' websites

Security researchers have identified cross-site scripting (XSS) issues on the websites of three IT security heavyweights. Coding flaws on the websites of McAfee, Symantec and VeriSign create a possible mechanism for hackers to launch phishing or malware attacks, according to security watchdog XSSed. Cross-site scripting …


This topic is closed for new posts.
  1. Jack Harrer

    Obvious quote

    Who will watch the watchmen?

  2. Ash

    Were they...

    ... HackerSafe?

    Mine's the one with the "Certified Expert" badge sewn onto the pocket.

  3. Anonymous Coward

    Please Select from the Standard Arguments

    To save bandwidth and the time of good Reg readers, could commenters please select from the following standard arguments by number, rather than type out the whole comment each time. Combinations may be used.

    (1) This wouldn't happen if you used Linux.

    (2) This wouldn't happen if you used a Mac.

    (3) M$ should take responsibility for it's lousy/insecure software.

    (4) I've used Windows/IE for years and never had a problem.

    (5) It's just more leverage for net security companies to sell products you don't need.

    (6) It's all the stupid user's fault - clever users, like me, don't have problems.

    (7) We should all use Firefox with the NoScript plugin for browsing and be done with it.

    (8) We should all use Virtual Machine appliances for browsing and be done with it.

    (9) We should all use LiveCDs for browsing and be done with it.

    (10) Soon the net won't be safe for anything ....aarghhh! I'm a tea pot. I'm a tea pot.

  4. Kevin Reader

    Some hyperbole here I think...

    Isn't it odd that when security companies or their software detect something - even if it might be a false positive - its the end of the world and the biggest risk since Parker went to the Bank of England with Lady P and a hair grip.

    BUT when their software has a flaw or wastes to many resources then "its the price of security" - especaily when it is not.

    AND when their site is bugged "the risk is of little consequence".

    Don't get me started on how they almost all stopped (even their existing) support for win98 just because microsoft wouldn't hold their hand any longer. Thus increasing the number of insecure systems out there. It may not be a the main target and numbers may be dwindling but (for example) its 98 or linux on this old laptop I'm typing on (it really liked 95osr2c). And you have to hunt to find a linux thats small enough for this little RAM. But it works OK for browsing, docs, etc.

This topic is closed for new posts.

Other stories you might like