A white hat hacker group
that day before, there are serious loopholes in security vendors McAfee site McAfee.com, also pointed out that the vulnerability can lead to information leakage or other problems.
on Monday, YGN Disclosure (The YGN Ethical Hacker Group) will be found in their full disclosure (Full) website announced. In fact, as early as February 10th, McAfee reported the vulnerability, but in view of the McAfee Inc has not been on the vulnerability to take action, the organization decided to these vulnerabilities released.
hacker group in McAfee.com and McAfee software download site found more than and 10 vulnerabilities. There are cross site scripting errors and information disclosure issues on the McAfee.com website. The organization had these problems and to inform the McAfee, McAfee responded to these findings, said "will solve these problems as soon as possible." But until March 28th, these issues have not yet been resolved, so the organization announced the information out.
said in a statement, McAfee Inc, said the vulnerability will not expose any McAfee Inc users, partners or company information. In addition, we have not seen any exploit the vulnerability of the malicious attacks."
site vulnerabilities are very common. The security vendor’s site has been damaged in the past. In 2009, hackers took advantage of the vulnerability of the Kabasiji lab user support website. After the initial breach was announced, a large number of hackers to explore the Kabasiji site. However, the attacker failed to obtain access to user data. Similarly, errors have been found on Symantec and F-Secure’s website.
admitted to fix the vulnerabilities they longer than expected. The company also said that only in the worst case, XSS vulnerability will allow an attacker to wriggle out of it. McAfee.com website and download the site’s information leakage problem, allowing the attacker to get Web traffic and site source code related information, but will not leak any confidential information or user information.
"McAfee for your own site and third party services have set up a strict policy. Once there is a loophole, McAfee is committed to address this issue as soon as possible, "McAfee said," I’m sorry, this time than I thought it would be long. We are investigating the cause of the delay and, if necessary, will adjust our processes to prevent this from happening again."