McAfee, Symantec, and VeriSign sites all found to contain cross-site scripting

Started by somanyholes, Jun 11, 2008, 14:23:29

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

somanyholes

Major Security Vendors' Sites Could Be Launchpads for Phishing Attacks

It involves mcaffe and symantec, (couldn't happen to any nicer companies :) ) It also involves VeriSign which is not good at all. Practise what they preach? not a chance.

http://www.darkreading.com/document.asp?doc_id=155995&WT.svl=news1_1


Rik

It really is getting to the point where the web is an unsafe place to do business - despite the apparent security. House of cards springs to mind.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

David

This after yesterdays announcement sure makes me think may be a cheque will take longer but its a lot safer at the moment and things are now surfacing which makes very sobering reading  :eyebrow:
Many hammer all over the wall and believe that with each blow they hit the nail on the head.

Rik

I agree, David. Neither merchants nor banks will want the expense of masses of cheques to handle, so it could be a very effective form of protest.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

David

May prove to be the only one Rik how many more skeletons in the cupboard  :eek4:
Many hammer all over the wall and believe that with each blow they hit the nail on the head.

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

David

This leak could end up a flood Rik and can see many reasons why they big banks etc would want to suppress it as well,a few more scares and people will abandon the online shopping so fast our high streets will end up with shops instead of burger bars and mobile phone shops  ???
Many hammer all over the wall and believe that with each blow they hit the nail on the head.

Rik

I agree, David. Having been caught out twice with fraudulent card activity, I'm certainly getting wary.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

David

Im loathed to say it but touch wood I have escaped so far.but unlike with many things I restrict buying with my cards online unless I am really sure but this could go further than online,just imagine if Tesco or another Giant retailer suffered this...it would be catastrophic and I am not convinced it could not happen given the Data discs fiasco and now this  ???
Many hammer all over the wall and believe that with each blow they hit the nail on the head.

Rik

Large companies, eg TK Maxx, have already been breached, David.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

David

Yes but what if more mainstream companies get it like the Asda and the Tescos it would effectively cripple this countries when it came to shopping anywhere cash would make a bigger comeback than Frank Sinatra

Its a scary thought really how many of us would be able to live without cards ?
Many hammer all over the wall and believe that with each blow they hit the nail on the head.

Rik

Online, we certainly couldn't. Shops would hate going back to cash due to the high handling costs. We might actually get some significant action taken...
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

David

Then in theory at least,its more than likely they are all running around trying to fix this already?as you say they all hate cash handling and rightly so,its not a great thing to dwell on... :eek4:
Many hammer all over the wall and believe that with each blow they hit the nail on the head.

Sebby

Cheques aren't particular safe themselves, though perhaps not as easy to commit fraud with as obtaining someone's card details.

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Dopamine

Does anyone remember the Millennium Bug? I had friends employed as programmers who were making fortunes on the back of all the scaremongering surrounding it. What happened? Some of them made so much they've since retired, the Millennium came and went, the Bug didn't.

Same with all this security scaremongering. Sure, we all want the web to be as safe and secure as possible, and there is a very real need for security checking and advice, but let's take all this hype with a pinch of reality. Billions of pounds are transacted across the web on retail and banking activities, and whilst the amount lost to fraud is very large in monetary terms, its actual percentage is very small.

We've become a nation of worriers and scaremongers, unthinkingly hanging on every word issued by vested interests with security services to sell. The article contains very sensible points, but like every other prophecy of doom, the reality will be far less severe, as security holes will be closed long before they cause mass and widespread losses.

Simon

Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Inactive

So do I Simon, by the number of people on here that have already been affected by card fraud, I think we should all be very concerned. :(
Anything and everything that I post on here is purely my opinion, it ain't going to change the world, you are under no obligation to agree with me, it is purely my expressed opinion.

somanyholes

QuoteDoes anyone remember the Millennium Bug? I had friends employed as programmers who were making fortunes on the back of all the scaremongering surrounding it. What happened? Some of them made so much they've since retired, the Millennium came and went, the Bug didn't.

Same with all this security scaremongering. Sure, we all want the web to be as safe and secure as possible, and there is a very real need for security checking and advice, but let's take all this hype with a pinch of reality. Billions of pounds are transacted across the web on retail and banking activities, and whilst the amount lost to fraud is very large in monetary terms, its actual percentage is very small.

We've become a nation of worriers and scaremongers, unthinkingly hanging on every word issued by vested interests with security services to sell. The article contains very sensible points, but like every other prophecy of doom, the reality will be far less severe, as security holes will be closed long before they cause mass and widespread losses.


I'm sure that 1/2 the population of the uk that have had their data stolen/lost would agree with you on the scaremongering front......  :no:

Inactive

Anything and everything that I post on here is purely my opinion, it ain't going to change the world, you are under no obligation to agree with me, it is purely my expressed opinion.

somanyholes

interesting read that in, cheers. Think that one would be used for large purchases. now where do we deliever this statue...


Inactive

Anything and everything that I post on here is purely my opinion, it ain't going to change the world, you are under no obligation to agree with me, it is purely my expressed opinion.

Dopamine

Quote from: somanyholes on Jun 12, 2008, 08:10:09

I'm sure that 1/2 the population of the uk that have had their data stolen/lost would agree with you on the scaremongering front......  :no:
I take it that this is a joke. Half the population? Ho ho ho. The end of the world is nigh!

somanyholes

considering that 25 million peoples records disappeared in one incident, (child benefits) and there have been many many more incidents from data loss through to credit card fraud etc, 1/2 the population is probably not that far off.

sure the information that comes out can lead to scaremongering, but at the end of the day, it's information that is provided to people so they can attempt to make there own informed decisions. You have obviously made yours.

And no the end of the world is not nigh. But i would of thought that the most used and respected certificate provider having flaws in their code is fairly important, the same for the security software.

hope your nice and cosy in your bubble...


ho ho ho