Wifi Password Recovery - UTM - Vulnerability Scanning


VIP LOUNGE
CLOUD LOGIN
Sun Sun Sun

You are here: News > News > McAfee not so free from security bugs

» IT Security NEWS
 
» 05 May 2009
McAfee not so free from security bugs
Who said antivirus and Internet security providers are all-powerful?

They get hit by bugs too.

McAfee's very ownwebsite was targeted by no less than three bugs. These bugs made McAfee's users easy target for various scams, including phishing. As of the moment, at least one of these bugs are still active. The news was announced over 24 hours ago.

Paradoxically, the gravest threat targeted McAfee Secure. This resource accredits e-commerce websites based on their security state. Other websites that handle important undertakings are also target customers of Secure.

According to Mike Bailey (Skeptikal.org), the McAfee website was attacked by a cross-site request forgery (CSRF). The CSRF may provide the attackers the ability to manage the accounts of McAfee's clients.

Although the company has already patched the bug, Bailey noticed that over the five weeks he watched the website, the McAfee Security logo remained glowing in its pages. This observation has elicited dissatisfaction over such guarantee. And why not? McAfee Secure was created to identify exactly these threats.

At the same time Bailey's account was told, another weakness on McAfee's website was dug out. This time, it was the website's management of customer rebates that was at risk. Lance James, joint founder of the Secure Science Corporation and author of Phishing Exposed, made a proof-of-concept link to illustrate the way phishers may take advantage of such weakness to design genuine-looking pages that are just like the ones in the real McAfee website. These pages would also contain the McAfee domain name as well as secure sockets layer certificate. With this set-up, the phishers could easily lead users to give their personal details unsuspectingly.

 


Reviews of SecPoint.com
 
 
 
 
 

Awards & Reviews
  

  

Subscribe to our Mailing List

Customer References


About
About
SecPoint
History
Mission Statement
Vision
Management
Investment
Bank
Sponsorship
Certificates
Environment
Environment
What is RoHS Weee?
Accounting
Values
Member of Organisations
Merchandise
SecPoint Certification
Design
Status Information
Hardware Vendors
Jobs
Environment
SecPoint on social media
Twitter Facebook Youtube
Products
Products
Protector
Cloud Protector
Penetrator
Portable Penetrator
Cloud Penetrator
Free IT Security Tools
Pricing
SecPoint Brochures
SecPoint Questions FAQ
SecPoint Datasheets
SecPoint SPID Library


Partners
Partners
Become a SecPoint Affiliate
Become a SecPoint Partner
SecPoint Franchising
SecPoint Partner Lounge
News
News
Press
Product Awards
SecPoint RSS Feeds


Contact
Contact
General Contact
IT Security Products Webshop
Latest SecPoint Software Images Change Log
SecPoint FAQ Frequently Asked Questions
SecPoint on Twitter
SecPoint Sales Training Videos
SecPoint Shipping Cost
SecPoint World Wide Shipping
Support
Solutions
Anti-Spam Appliance
UTM Appliance
Penetration Testing
Proxy Appliance
SAAS
Spam Filters
Vulnerability Assessment
Vulnerability Scanner
Vulnerability Scanning
Vulnerability Scanning Appliance
Web Content Filter
Web Filter Appliance
WiFi Hacking
How essential is vulnerability
management?
What is ...?

Encyclopedia | Free Scan Statement | Link Policy | Privacy Statement | Resources | Sitemap | User Policy
© Copyright 1999-2012: SecPoint®
SecPoint ApS Noerregade 7B - 1165 Copenhagen K - Denmark
US Toll free: +1-888-704-7297 - EU: +45-70-235-245