back to article Anti-virus vendor trio plug website flaws

White-hat hackers have uncovered vulnerabilities on the websites of anti-virus firms that created a phishing risk. Cross-site scripting (XSS) bugs of varying severity were found on the websites of Symantec (here), Eset (here) and Panda Security (here) by Team Elite, the white-hat hackers who discovered the flaws. We notified …

COMMENTS

This topic is closed for new posts.
  1. Gangsta
    Dead Vulture

    Out Of interest...

    has El Reg ever being discovered to have a XSS or generally any security flaws?

    There's not much in the way of confidential information here anyway.

  2. Anonymous Coward
    Black Helicopters

    Re: Out Of interest...

    Of course there are confidential information here. Compromising messages posted by me as AC.

  3. Panix
    FAIL

    I think you made them made =(

    http://nemesis.te-home.net/News/20101002_Theregister_co_uk_Contact_Form_XSS_Vulnerability.html

    rut roh

    1. te.teamelite
      Pirate

      Re

      That bug was fixed immediately after notifying the webmaster.

  4. Ammaross Danan
    FAIL

    Rule of Thumb

    Many web developers know it's a good rule-of-thumb to run htmlspecialchars() (PHP) or the like on ANY user-supplied information before displaying it back on a webpage. That they did not for a search string (Symantec) is a VERY serious oversight (at the least). Had it been some field on some obscure form, I might be able to pass it off as an accident...

  5. bugalugs
    Joke

    unrepresentative icon warning

    Fit this with Nrootn's SDDvsHackisWack website rickroll debacle

    and buy Stemyanc with confidence !

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021