Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.



Windows 7: XSS flaws found on three security firms' websites

06 Oct 2010   #1

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 
XSS flaws found on three security firms' websites

Quote:
A group of white-hat hackers has discovered various XSS vulnerabilities on websites belonging to three well-known security companies, and have reported it to the firms themselves so that they can fix them them as soon as possible.

"XSS vulnerability is a high level vulnerability which could allow an attacker to steal sensitive data such as login information and other credentials," said one of the members of white-hat Team Elite to The Register. "I've noticed that all three security vendors have fixed the bugs on their websites, which is very positive."

The three security firms in question are Symantec, Eset and Panda Security, and as the group points out, these XSS flaws could easily allow attackers to push their own malicious content to visitors or for executing phishing attacks. XSS flaws basically happen because of errors in coding, but one would think that security firms would be especially careful to avoid things like that on their pages.

Fortunately, it seems these particular flaws have not been misused before the patching, but this instance should be a lesson for us all. And that lesson is - always keep your eyes on the ball.
Source

A Guy

My System SpecsSystem Spec
.

06 Oct 2010   #2

W7-Enterprise + WS-2008 (Converted to Workstation)
 
 

hi !

THANKS A Guy !

interesting.
My System SpecsSystem Spec
06 Oct 2010   #3

Arch Linux 64-bit
 
 

This must be a second set of XSS bugs found on ESET and Symantec websites.

Bugs on Kaspersky, BitDefender, Avast, McAfee, AVG, F-Secure, and Avira websites have also been found.

And that's only of the anti-virus vendor websites, I know of. There have also been bugs on other big name websites found, such as on Ebay, Intel and certain American banking websites, to name a few.

Most of them found by members of Team Elite, I believe.
My System SpecsSystem Spec
.


Reply

 XSS flaws found on three security firms' websites





Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 10:30 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33