Industry News Home More stories like this... RSS Feed

Security vendor's website found to have flaws

Online security researchers are warning that cyber crooks may have exploited vulnerabilities on security vendor McAfee's websites, which could have been used to launch attacks at consumers.

Writing in Read Write Web, the researchers claimed that tests carried out last weekend revealed the company's websites suffered from "several cross-site scripting (XSS) vulnerabilities".

These flaws provide "the bad guys with a brilliant - albeit ironic - launching pad from which to unleash their attacks", they claimed, stating that any tech savvy individual could achieve this as well.

According to the author of Phishing Exposed and co-founder of Secure Science Corporation Lance James, scareware crooks could also exploit the flaws to infect legitimate copies of the vendor's security suites.

However, a McAfee spokesperson has played down the threat from the vulnerabilities, saying the flaws are rarely exploited in the wild, according to ZDNet.co.uk.

He is quoted as saying: "We are investigating how these particular vulnerabilities were not identified in our screening process and will adjust our processes if necessary."

PC Tools internet security, safeguards your PC against cyber threats with proactive defence. Visit www.pctools.com to upgrade your protection