Hacker Safe or not? Read on, watch the video and vote now!

Written by DP

Monday, 28 April 2008

Last Update: 30 Apr 08

Russ McRee brought up again his concerns about the Hacker Safe issue with his latest blog post titled "Still not Hacker Safe, roll the video".

Kevin and I are also annoyed by the fact that McAfee's ScanAlert service is, as Russ pointed out, more like fraudulent marketing fluff than a worthy expense for websites. What do YOU think?


Russ has also prepared a video pointing out only reflected, non-persistent vulnerabilities in Hacker Safe branded sites:

The following are Russ's points that ScanAlert chose to ignore for some fraudulent marketing fluff reasons... :-/
1) Sites that are vulnerable to XSS are not PCI compliant. All of the sites in this video take CC payments and store customer information.
2) The sites in this video have been vulnerable for months. Additionally, some have been advised multiple times and have simply ignored my notices. Their Hacker Safe branding is active and has not been removed at any time.
3) The ScanAlert Hacker Safe service claims XSS as part of its vulnerability checks; sites that are vulnerable to it should not be showing the Hacker Safe label in perpetuity.


Join the protest against the Hacker Safe branding by commenting on Russ's open letter to Ken Leonard, CEO of ScanAlert.

Hacker unSafe customers, all vulnerable:

Have a look at how ScanAlert's fraudulent marketing works...

Several hilarious quotes from an official Hacker Safe affiliate:
Ask yourself this question...
What's The Difference Between You And Your Competition?

When you display the HACKER SAFE certification mark, you not only increase sales by increasing shopper confidence, you build your brand with the security seal seen on more top sites than any other.

Why are so many sites using it..?
Because HACKER SAFE Really Works!

If your site is not HACKER SAFE you are losing money!

We are not stupid, McAfee/ScanAlert! :-/


Related News (Updated):
"More bad news for McAfee, HackerSafe certification", Nathan McFeters, ZDNet Zero Day blog - 1 May 08
"McAfee 'Hacker Safe' cert sheds more cred", Dan Goodin, TheRegister - 29 Apr 08
"Hacker Safe Hacked", Thomas Claburn, InformationWeek - 7 Jan 08
"Many Hacker Safe Web Sites Found Vulnerable", Thomas Claburn, InformationWeek - 17 Jan 08
"McAfee pays $51m for Hacker Safe", John Oates, ChannelRegister - 30 Oct 07
"Are 'Sealed' Websites Any Safer", Kelly Jackson Higgins, DarkReading - 9 Feb 07
"ScanAlert's Hacker Safe badge not so safe and PCI compliant", Dimitris Pagkalos, XSSed - 21 Jan 08
"Open letter to ScanAlert's CEO about Hacker Safe label", Dimitris Pagkalos, XSSed - 1 Feb 08
