XSS flaws found on three security firms' websites

A Guy

Righteous Dude
Guru
VIP
SF Team
Local time
6:46 AM
Messages
33,045
Location
Bay Area
A group of white-hat hackers has discovered various XSS vulnerabilities on websites belonging to three well-known security companies, and have reported it to the firms themselves so that they can fix them them as soon as possible.

"XSS vulnerability is a high level vulnerability which could allow an attacker to steal sensitive data such as login information and other credentials," said one of the members of white-hat Team Elite to The Register. "I've noticed that all three security vendors have fixed the bugs on their websites, which is very positive."

The three security firms in question are Symantec, Eset and Panda Security, and as the group points out, these XSS flaws could easily allow attackers to push their own malicious content to visitors or for executing phishing attacks. XSS flaws basically happen because of errors in coding, but one would think that security firms would be especially careful to avoid things like that on their pages.

Fortunately, it seems these particular flaws have not been misused before the patching, but this instance should be a lesson for us all. And that lesson is - always keep your eyes on the ball.

Source

A Guy
 

My Computer My Computer

At a glance

Windows 10 Home x64INTEL Core i5-750 Quad-Core 3.37GHzHyperX Fury Black Series 8GB (2 x 4GB) 1866MhzEVGA GeForce GTX 750 Superclocked 1GB 128-Bit...
Computer type
PC/Desktop
OS
Windows 10 Home x64
CPU
INTEL Core i5-750 Quad-Core 3.37GHz
Motherboard
ASUS P7P55D
Memory
HyperX Fury Black Series 8GB (2 x 4GB) 1866Mhz
Graphics Card(s)
EVGA GeForce GTX 750 Superclocked 1GB 128-Bit GDDR5
Monitor(s) Displays
LG 32MA68HY 32" IPS
Screen Resolution
1920 x 1080
Hard Drives
Samsung 840 Evo 120GB, SEAGATE 500GB Barracuda® 7200.12, SATA 3 Gb/s, 7200 RPM, 16MB cache
PSU
ANTEC TruePower New TP-550, 80 PLUS, 550W
Case
ANTEC Three Hundred Illusion
Cooling
COOLER MASTER Hyper 212 Plus, 4 x 120mm 1 x 140mm Noctua's
Internet Speed
85 + Mbps
Antivirus
Avast
Browser
Vivaldi
hi !

THANKS A Guy !

interesting.
 

My Computer My Computer

At a glance

W7-Enterprise + WS-2008 (Converted to Worksta...P4 2,4GHz (at 1,8GHz, "slow" RDRAM, only 400M...2GBNVIDIA QUADRO2 PRO 64MB
Computer Manufacturer/Model Number
Dell
OS
W7-Enterprise + WS-2008 (Converted to Workstation)
CPU
P4 2,4GHz (at 1,8GHz, "slow" RDRAM, only 400MHz FSB...)
Motherboard
Intel 850E
Memory
2GB
Graphics Card(s)
NVIDIA QUADRO2 PRO 64MB
Sound Card
Yes
Monitor(s) Displays
Dell 1702FP
Screen Resolution
1280x1024
Hard Drives
Yes
PSU
Yes
Case
Yes
Cooling
Yes
Keyboard
Yes
Mouse
Yes, and i also have Cats...
Internet Speed
University: 100 MBit/s, Home: UMTS 7,2 MBit/s
Other Info
W7 on a DINOSAUR: P2 with 266MHz CPU & 160MB RAM
This must be a second set of XSS bugs found on ESET and Symantec websites.

Bugs on Kaspersky, BitDefender, Avast, McAfee, AVG, F-Secure, and Avira websites have also been found.

And that's only of the anti-virus vendor websites, I know of. There have also been bugs on other big name websites found, such as on Ebay, Intel and certain American banking websites, to name a few.

Most of them found by members of Team Elite, I believe.
 

My Computer My Computer

At a glance

Arch Linux 64-bit
OS
Arch Linux 64-bit
Back
Top