Holes in McAfee's web site
Until last weekend, the web site of security firm McAfee contained several security vulnerabilities that are detailed in an advisory released by the Burmese security lab, YEHG, who discovered the holes.
Problems reportedly included a cross-site scripting (XSS) hole at download.mcafee.com and a flaw that allowed the source code of various ASP.NET pages to be retrieved. Whether these pages contained sensitive information remains unknown. Occasionally, however, such files can contain valuable information for attackers who are in the process of compromising a server.
McAfee has already had to fix vulnerabilities in its pages before. In 2009, a particularly embarrassing vulnerability affected McAfee's Secure security portal, which was vulnerable to cross-site request forgeries (CSRF). McAfee Secure is a service that allows customers to check their own site or online store for security holes and for conformity with the PCI DSS standard which is important for credit card transactions.
- Intel's acquisition of McAfee now complete, a report from The H.
- European Commission imposes conditions on Intel's take-over of McAfee, a report from The H.
- FTC gives its blessing to Intel's acquisition of McAfee, a report from The H.
- Intel acquires McAfee, a report from The H.