McAfee Plugs Hole In Certification Page
Author: Dave Lewis
Um, embarrassing, no?
From Heise:
According to an old proverb ‘The cobbler has the worst shoes’. It’s now been reported that Secure, McAfee’s security portal, has had poor shoes or rather poor security, because until recently it displayed a vulnerability to cross-site request forgery (CSRF).
McAfee Secure is a service that lets clients use the Hacker Safe tool to check their sites or online shops for security vulnerabilities and for compliance with the PCI Data Security Standard, which is important for credit-card transactions. If the check shows sites are OK, shop operators can include the McAfee Secure logo in their web site. This is supposed to reassure their customers that their data is well protected and there’s no danger lurking in transactions, such as making payments.
I’m not going to go on about this one. Here is more from others. But, I have renewed faith in the the Nate McFeter’s Certified and Scanless PCI programs.
