[Sohu IT news] Beijing time, May 7: According to foreign media reports, security researcher Mike Bailey recently discovered that the websites of the well-known security software vendor McAfee unexpectedly contain security vulnerabilities, including the site of a product designed specifically to scan customers' websites for flaws. Experts said that these vulnerabilities could expose customer account data and be exploited in phishing attacks. Malware could also be distributed disguised as McAfee software.

McAfee said on the evening of the 5th that most of the vulnerabilities have been patched, and only a portion needs to be taken offline for the work. According to media reports, the McAfee websites were found to be vulnerable to cross-site scripting (XSS) attacks and to cross-site request forgery attacks; customers may think they have logged in to the company's website when in fact they are facing a phishing attack.
Ironically, the at-risk website is McAfee Secure, which is used to scan customers' websites and check whether they are susceptible to the types of attack described above. The report pointed out that this problem shows that either McAfee has not run McAfee Secure checks on all of its own websites, or the product is not effective. The Risky.biz website pointed out that a user would have to be logged in to their McAfee account and then visit a malicious website that exploits this vulnerability in order to be exposed to a cross-site request forgery attack. Lance James, co-founder of Secure Science Corporation, said that attacks exploiting antivirus vendors' websites are especially dangerous, because they let attackers create fake security products containing Trojans or other malware, which customers accept without suspicion.
Mike Bailey said that the vulnerabilities in the McAfee Secure website demonstrate that the company has not complied with the PCI requirements for Approved Scanning Vendors; in building this application, it did not use a secure software development life cycle and neglected to carry out an in-depth penetration test of the website.
McAfee spokesperson Joris Evers said that the website temporarily taken offline is the McAfee knowledge center, which is the customer support section and uses a third-party vendor's software. This site has a cross-site scripting vulnerability. He said in an e-mail reply that vulnerabilities of this type are rarely exploited on a large scale and are therefore not regarded as a serious problem. He stressed that these vulnerabilities have not caused any McAfee corporate data to leak, and that the company has not discovered any malicious exploitation.
McAfee is not the only security company whose website has security problems. Last month, The Register disclosed that Symantec's website had a cross-site scripting vulnerability. In February, a Romanian hacker website claimed to have successfully used cross-site scripting and SQL injection attacks to breach the websites of three companies: F-Secure, Kaspersky and BitDefender.