I was over reading Russ McRee's blog today, and I've got to say, if McAfee's HackerSafe (or whatever they're calling it now) doesn't die off soon, then he'll be able to write a novel about their trials and tribulations.
Apparently, McAfee authorized distributor Winferno.com is not HackerSafe... not that it would've mattered, as that wouldn't have helped them prevent the XSS issues that McRee exposed on his blog. McRee says:
Shouldn't a McAfee Partner be McAfee Secure? Apparently not, and being one wouldn't have cured the XSS blues anyway. Next in our video series, a supposedly secure shopping cart that is far from.
Here's an IFRAME. Here's the cookie. As well we know, coughing up the cookie counts as a really bad thing for any shopping cart, let alone an SSL protected shopping cart that happens to be a McAfee Partner and authorized distributor of McAfee Software. But lest we forget, McAfee doesn't count XSS as concerning. Here's the video.
One thing even McAfee has to agree on, McRee has style. I like the video documentation and ticker tape messages. McRee covers even more details on this topic over at his blog, and I recommend you go over there and have a look for yourself.
Of course, if you're a current HackerSafe customer and are starting to worry, I'm still offering the "Nate McFeters Safe" certification. Don't be the last to fall in line, others have been quick to jump on, for example, the following noted security researchers are already proudly signed up and displaying the "Nate McFeters Safe" certification: