How much more proof do we really need before someone takes action on this? This is officially the last straw, I've proven to folks over and over again this program by McAfee is nothing more than a sham, and if the public media doesn't want to listen - then so be it. I'm washing my hands of this whole mess... I'm done with it.
Ladies and Gentlemen,
I've been increasingly upset that companies are still not seeing the light - namely, that McAfee's "HackerSafe" (now re-branded McAfee Secured) program is a complete joke. I can't believe that there are so many companies that are still associating themselves with these people, who are obviously deceiving the public.
Here's an interesting customer list from McAfee's site...
With all that in mind, and all those high-powered customers, you'd figure this was one heck of a service - but alas.. it's just as stupid as any previous versions. Apparently, they still fail to check for Cross-Site Scripting (XSS)... a basic web-application vulnerability that's as old as dirt.
Here's an example... Ironically... You'll see PetSmart prominently displayed as a customer , but PetSmart's website does not have the McAfee or ScanAlert log anywhere to be found. Good for PetSmart, but they still have XSS issues...
So I ask you - which is worse? Is PetSmart the more guilty party for relying on a 3rd party to throw up a false sense of security to their online buyers? Or is McAfee worse in this because they're providing PetSmart and their customers with a false sense of security?
I guess this is what you get for not creating a secure software lifecycle program... and looking for a band-aid approach to security.