Symantec, Eset and Panda Security had XSS flaw
By Gina on October 5, 2010 | Vulnerabilities, XSS vulnerability, Cross-site scripting flaw, Symantec, Eset, Panda Security, White-hat hacker, Team Elite, phishing attack
White-hat hacker discovered XSS vulnerabilities on three security firms’ websites that could be a reason for further phishing attacks.
Cross-site scripting (XSS) vulnerable spot on Symantec , Eset and Panda Security websites was found by Team Elite, one of its members. White-hat hacker told about their discoveries to these companies and they patched the flaw.
Team Elite says that these vulnerabilities may cause serious and dangerous phishing attacks. As team comments, XSS flaws happen because of inaccurate work in coding. It can cause malicious programs sneaking to the systems and spreading their fake messages. These kinds of vulnerabilities are a spice for phishing attacks.
„XSS vulnerability is a high level vulnerability which could allow an attacker to steal sensitive data such as login information and other credentials. I can assure you that our team does not do such things, we don't hack any websites, we simply deliver the proof of concept, spread the knowledge of existing vulnerability so the companies can correct those bugs for the good of their own,“ – explained one of Team Elite members.
It is useful that security teams, like Team Elite, are vigilant in being a back for security vendors such as Symantec, Eset and Panda Security. However, we all expect that these security giants be precisely accurate in their work.
More Vulnerabilities news
Shocking: 9 out of 10 websites still vulnerable to old attacks
Did you know that less than 10% of websites are safe from attacks that have struck the internet in 2009? Back then there was a breakout of Man-in-the-middle (MITH) attacks that included an injection of a malicious code in to the browser but even after 3 years these problems are very sensitive. SSL Pulse reportIt seems that companies live in a bubble as far as IT safety is concerned. A project called SSL Pulse that is monitoring 200. Read more.- Mozilla's decision: Firefox is blocked from running unpatched Java plugins
- Facebook still is a wonderland for cybercriminals
- Microsoft talks about dangerous flaw in a Windows
- 17 high-risk flaws are fixed in Chrome; Google pays $47,500 in bug bounties
- Google bypassed Safari's No Tracking settings
- Research reveals – 4/5 of security threats come from third-party software
- Google Wallet hack revealed
- Denial-of-service flaw is fixed by Oracle
- Firefox 9.0 and four critical flaws fixed
- Major flaw of Adobe Reader and Acrobat 9.x is patched
