Friday, May 9, 2008
But the logo says I'm secure!
Russ McRee at HolisticInfoSec.org posted a fun little video to demonstrate just how effective McAfee's "Hacker Safe" ScanAlert really is. These sites have some really basic XSS vulnerabilities, so either the scans aren't working, the companies aren't bothering to fix known weaknesses, or it's a little bit of both. If all they care about is sticking a logo on their site, they might as well invest in Scanless PCI.