Imagine walking into your local police station to report a robbery, only to find the police station under siege by thugs who are casually taking everything they can lay their hands on.
Such a scenario wouldn’t inspire much confidence, now would it? Chances are pretty high that you would consider other means of preventing or stopping a robbery at your house in the future.
Clearly, McAfee is in danger of falling into a similar predicament as the defenseless police station after YGN identified a number of security holes on the company’s website.
To be sure, YNG recently documented multiple cross-site scripting vulnerabilities as well as numerous points of inadvertent information disclosure that could be exploited by hackers.
The data leaks on the site also included the ability to see the actual name of an internal host machine as well as 18 disclosures of source code.
As if the presence of vulnerabilities on McAfee’s website was not bad enough, the handling of the incident certainly left a lot to be desired. YGN initially reported the issues to McAfee on February 10th and initially chose to keep it quiet as an act of good faith. McAfee responded two days later confirming that they were working on sorting out the issue “as quickly as possible.”
But as of March 27th, a whole one and a half months later, none of the issues had been fixed – prompting YGN to go public with the information. It should be noted that many of the world’s largest corporations and/or websites rely on McAfee products to protect them from malware and hacking.
Of course, the latest revelation has the potential of making it that much more difficult for marketers and resellers of McAfee’s internet security products to shore up sales in an ever more competitive market teeming with respectable freeware.
[Via Network World]