Thursday, April 10, 2008

‘Hacker Safe' Seal Under Attack Following Site Breach

Scan Alert
MORE THAN 80,000 Web sites display a small logo proclaiming them "HackerSafe." But the company behind this security seal, ScanAlert, found itself on the defensive recently after technology retailer, which carries the seal, warned some customers that their personal and credit card data may have been compromised by hackers.

ScanAlert's seal is the most widely used, and can be found on dozens of marquee-brand sites, such as Sony's. Its popularity attracted McAfee, which bought ScanAlert last year.

A ScanAlert spokesperson says that "preliminary evidence" suggests the breach, reported to art undisclosed number of customers in January, likely occurred during one of several periods last year when Scan-Alert had withdrawn its certification from after discovering vulnerabilities on the Web site. Nevertheless, the incident has rekindled a debate about the value of such seals. Web site managers say that ScanAlert's automated-scanning service can sniff out some security flaws and that the logo is a valuable marketing tool. Detractors say that it can give companies and customers a false sense of security.

"[The] seals are completely ludicrous,” says David Kennedy of Secure-State. Upon a request for testing from the owners of ten Hacker Safe sites. His company was able to break into and easily access financial and customer data from nine of the ten sites.

McAfee’s Tim Dowling acknowledges that "Hacker Safe is not perfect,” but says that the service does help users defend their sites.

*.* Source of Information : April 2008 PC World

No comments: