McAfee are one of the best known names in Internet security, yet according to a post today on ReadWriteWeb, their website is “enabling malware distribution.” Lidija Davis’ post tells us:
During tests this weekend, we discovered the company who claims to “keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams,” has several cross-site scripting (XSS) vulnerabilities and provides the bad guys with a brilliant – albeit ironic – launching pad from which to unleash their attacks.
McAfee security problems
It was an XSS vulnerability that led to Twitter’s recent Mikeyy worm. Although that particular worm was fairly harmless, a hacker could quite easily exploit the XSS vulnerabilities on McAfee’s sites to (for example) redirect people to just about anywhere on the web.
At the time of writing this, I have not seen any response from McAfee. Watch this space!
what a mistake! http://tinyurl.com/cgt8zs
A LOT of websites have that tiny “secure lock” that says you’re safe from hackers, or has https enabled and it means that your ass is impenetrable. They and McAfee are very wrong!
XSS is the most popular security hole.
XSS means account stealing, (if permanent) could mean web worm like the one on Twitter or Samy worm on MySpace.
RT–> McAfee security Error! http://tinyurl.com/cgt8zs
McAfee EMBARRASSING security error! http://tinyurl.com/cgt8zs Please ReTweet!!
McAfee FAIL! http://tinyurl.com/cgt8zs (via @thetechnewsblog) #security #fail #mcafee
This XSS hole is bad, but I published a much more critical McAfee hole today- in the very application that clients use to test their own websites.
http://skeptikal.org/2009/05/epic-failure-from-mcafee.html
“Macafee website XSS vulnerabilities worm” – via @thetechnewsblog http://hub.tm/?LgmNC – you need to read if you use Macafee…
I’m amazed how little coverage this story got yesterday. Seems it was only picked up by the tech media- so the average user won’t even know.
Props to ReadWriteWeb for bringing this to my attention!!
Reading: “mcafee macafee website XSS vulnerabilities worm | The Tech News Blog” (http://twitthis.com/glu8sy)