Hacker Safe or not? Read on, watch the video and vote now!

Monday, 28 April 2008

Last Update: 30 Apr 08
-

Russ McRee brought up again his concerns about the Hacker Safe issue with his latest blog post titled "Still not Hacker Safe, roll the video".

Me and Kevin are also annoyed with the fact that McAfee's ScanAlert service is, as Russ pointed out, more like fraudulent marketing fluff than a worthy expense for websites.  What do YOU think?

CAST YOUR VOTE NOW!

Russ has also prepared a video pointing out only reflected, non-persistent vulnerabilities in Hacker Safe branded sites:

http://holisticinfosec.org/video/HS_ISSA/ISSA_Regional_HackerSafe.html

The following are Russ's points that ScanAlert chose to ignore for some fraudulent marketing fluff reasons... :-/
"
1) Sites that are vulnerable to XSS are not PCI compliant. All of the sites in this video take CC payments and store customer information.
2) The sites in this video have been vulnerable for months. Additionally, some have been advised multiple times and have simply ignored my notices. Their Hacker Safe branding is active and has not been removed at any time.
3) The ScanAlert Hacker Safe service claims XSS as part of its vulnerability checks; sites that are vulnerable to it should not be showing the Hacker Safe label in perpetuity.

THEY ARE NOT HACKER SAFE AND CONSUMERS ARE AT RISK.
"

Join the protest against the Hacker Safe branding by commenting Russ's open letter to Ken Leonard, CEO of ScanAlert.

Hacker unSafe customers, all vulnerable: