SEARCH RESULTS
 
Showing 1-7 of 7 records
1
 
Expand article

McAfee's Hacker Safe nominated for a Pwnie

2008-07-21 11:05:00 by Russ McRee in HolisticInfoSec.org
 
...Pierini's response to the findings XSSed.com and I gave to Thomas Claburn for publication in Information Week this past January Joseph Pierini, director of enterprise services for the "Hacker Safe" program, stepped in it when he said that XSS vulnerabilities can't be used to hack a server Cross-site scripting can't be used to hack a server....
 
Tags: hacker safe, mcafee, hacker safe fiasco, pierini, joseph pierini, mcafee secure, vendor response, server, joesph pierini
 
 
 
 
Expand article

So...you can hack a server with XSS?

2008-12-16 21:24:00 by Russ McRee in HolisticInfoSec.org
 
...Pierini and Kirk Lawrence of McAfee Secure in August , and received an update regarding the still pending " McAfee Secure Standard " in October Sadly, both Joe and Kirk have left McAfee, in pursuit of better opportunities , leaving our McAfee Secure crusade in lurch. I'll be updating you on the Standard (allegedly, now being released in...
 
Tags: mcafee secure, mcafee, mcafee secure crusade, server, mcafee secure standard, xss, mail servers, servers, mail server
 
 
 
 
Expand article

PCI Co and ASVs

2008-03-21 23:53:00 by Random InfoSec Guy in Security Coin
 
...Pierini, director of enterprise services for the ScanAlert "Hacker Safe" program, maintains that XSS vulnerabilities can't be used to hack a server. He maintains that XSS vulnerabilities aren't material to a site's certification. "Cross-site scripting can't be used to hack a server," he said. "You may be able to do other things with it. You...
 
Tags: xss, xss flaws, xss vulnerabilities, pci, site, cross-site, pci ssc, site-specific, xss attacks
 
 
 
 
Expand article

The McAfee Secure Standard: Sort Of

2008-10-07 23:47:00 by Russ McRee in HolisticInfoSec.org
 
...Pierini and Kirk Lawrence of McAfee some weeks ago. I admit my attitude has soured since last I discussed it here, as the Standard is not yet ready for public release (I last said 2-3 weeks and that was five weeks ago), but bear with me. I can't publish exact quotes from the Standard, as I've promised not to, but let me give you insight on...
 
Tags: mcafee, mcafee secure customers, sites, mcafee secure sites, mcafee secure standard, mcafee secure service, mcafee secure, loved mcafee secure, convince mcafee
 
 
 
 
Expand article

An Open Letter to Ken Leonard, CEO, ScanAlert

2008-01-25 13:45:00 by Russ McRee in HolisticInfoSec.org
 
...Pierinis pearls of wisdom like XSS vulnerabilities aren't material to a site's certification. Adopting a view like this is ridiculous and blatantly ignorant given the risks to consumers. You scan for XSS and clearly denote it in your How We Scan section. Therefore, if a site is vulnerable to XSS it is not Hacker Safe This is far from the...
 
Tags: hacker safe brand, hacker safe, hacker safe program, site hacker safe, hacker safe credential, site, xss vulnerabilities, vulnerabilities, xss
 
 
 
 
Expand article

Cross-site scripting CAN be used to hack a server

2008-08-05 22:06:00 by Russ McRee in HolisticInfoSec.org
 
...Pierini at McAfee Secure / Hacker Safe said XSS wasn't important because "cross-site scripting can't be used to hack a server. You may be able to do other things with it. You may be able to do things that affect the end-user or the client. But the customer data protected with the server, in the database, isn't going to be compromised by a...
 
Tags: server, server hack, hack, manager, file manager tool, file, root password, email, cpanel user
 
 
 
 
Expand article

McIrony: An unexpected response from McAfee

2008-08-30 13:04:00 by Russ McRee in HolisticInfoSec.org
 
...Pierini, the very guy who has suffered more than his share of abuse, up to and including the Pwnie . As I have been a direct contributor and participant in heckling Joe, you can imagine our meeting could have been uncomfortable. It was not I have had expectations of McAfee and Scan Alert that to date have not been met, or my (your) perception...
 
Tags: mcafee, mcafee secure, negative security research, research, mcafee secure product, security, security research community, information security professional, positive outcome
 
 
 
 
 
Showing 1-7 of 7 records
1
 
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia