http://www.theregister.co.uk/2008/06/13/security_giants_xssed/
Security researchers have identified cross-site scripting (XSS) issues on the websites of three IT security heavyweights. Coding flaws on the websites of McAfee, Symantec and VeriSign create a possible mechanism for hackers to launch phishing or malware attacks, according to security watchdog XSSed. Cross-site scripting vulnerabilities create a way for miscreants to insert a script that redirects users to another website. Alternatively the bugs may make it possible to insert an 'iFrame' that displays the contents of a site under the control of hackers in the context of a vulnerable (trusted) site. XSSed has unearthed <http://www.xssed.com/news/72/Verisign_McAfee_and_Symantec_sites_can_be_used _for_phishing_due_to_XSS> 30 cross-site scripting flaws on the sites of McAfee, Symantec and Verisign. ...
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
