McAfee's website full of security holes, researcher says

Found on Network World on Sunday, 27 March 2011
Browse Internet

The McAfee.com website is full of security mistakes that could lead to cross-site scripting and other attacks, researchers said in a post on the Full Disclosure site on Monday.

This isn't just embarrassing, but also somewhat discrediting for McAfee, which markets a McAfee Secure service to enterprises for their customer-facing websites.

When, as of March 27, YGN found the flaws "to be unfixed completely," YGN publicly disclosed them.

For a security company, such problems are devastating. If they cannot keep their own website secure, how are customers supposed to believe that they will do a good job at finding problems on theirs?