a white hat hacker group stressed a few days ago, security vendor McAfee website —— McAfee.com has serious vulnerability, while pointing out that the vulnerability could allow information disclosure or other problems.
Monday, YGN ethical hacker organizations (The YGN Ethical Hacker Group) found in the full disclosure of their (Full Disclosure) posted on the site. In fact, as early as February 10, McAfee has reported the vulnerability, but McAfee has not take action on the vulnerability of the company, these vulnerability the Organization decided to be available to the public.
hacker groups in the McAfee.com or McAfee software download Web site found more than 10 multiple vulnerabilities. McAfee.com Web site error cross-site scripting and information disclosure on issues. The Organization had put these questions to inform McAfee, and McAfee to respond to these findings, saying “ will solve these problems as soon as possible. &Amp;rdquo, but until March 28, these problems have not been resolved, so the organization published the information out.
in a statement, McAfee said, “ vulnerability does not expose any McAfee company users, partners or company information. In addition, we have yet to see any malicious attacks using the vulnerability. &Amp;rdquo;
Web site vulnerability is widespread. Security manufacturer's Web site in the past have been damaged. In 2009, hackers use loopholes in the Kaspersky Lab user support Web site. After the publication of initial gap being, a large number of hackers sniffing the Kaspersky website. But in the end the attackers failed to get the user data access. Similarly, Symantec and f-secure company also found errors on the site.
McAfee recognizes that their much longer than expected to fix the vulnerability. Also says that only in the worst case, cross-site scripting vulnerability would enable an attacker to fudge in the past. McAfee.com Web site and downloading Web site information leakage problem, you can enable the attacker to get Web traffic and Web site source of related information, but will not disclose any confidential information or user information.
“ McAfee for their Web sites and services are provided by third parties to establish a strict policy of. Once a vulnerability occurs, McAfee is committed to addressing this problem as soon as possible, ” McAfee said “ sorry, this takes much longer than I thought. We are investigating the reasons for the delay, if necessary to adjust our processes to prevent this from happening again. ”
