Are You Hacker-Safe?

Labeling a Website 'safe' is just asking for it to be hacked

Dark Reading Staff, Dark Reading

January 22, 2008

2 Min Read

5:05 PM -- Would you be comfortable putting a banner on your Website that says your site is safe just because a vulnerability scanning service said so? felt confident that the service provided by McAfee’s ScanAlert service protected them from attack, yet in December, they sent emails to customers saying that their personal data (name, address, email address, and credit card information) may have been compromised on their site.

According to ScanAlert, had their “Hacker Safe” seal revoked several times due to vulnerabilities which were then quickly fixed in order for them to re-qualify for the seal. That still doesn’t make me to want to buy anything from -- even though, as of today, the “Hacker Safe” seal is back on the site.

ScanAlert received yet another black eye last week when InformationWeek reported that 62 Websites carrying the Hacker Safe label had cross-site scripting (XSS) vulnerabilities, which have been tracked by the crew over at since February of 2007., meanwhile, early last year began exposing unsafe Hacker Safe sites. (See 'Hacker Safe': Safe for Hackers.)

Putting a banner on site that says you’re "Hacker Safe” ranks up there with Larry Ellison saying Oracle 9i was unbreakable. It’s the equivalent of laughing in the face a bully, which simply eggs him on to give you more of a pounding than you would have gotten if you’d kept your mouth shut. Claiming something can’t be hacked is irresponsible, and basically just poses a challenge to malicious hackers to take a whack at you.

It's practically impossible to eradicate all vulnerabilities. You can detect most known vulnerabilities with a combination of scanning and manual testing, but there may be new attack techniques out there that exploit some functionality that was previously believed to be secure.

– John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights