One of the logos that users have come to trust is the “Hacker Safe” label placed on certain sites. Geeks.com has that logo on their site, but that didn’t stop them from getting hacked back in December. Are the sites that say they are Hacker Safe really all that secure?
The Hacker Safe program is run by McAfee’s ScanAlert service, and 62 different websites that are certified by them have been found to be vulnerable to cross-site scripting (XSS) attacks over the last year, including the ScanAlert site itself. Most of the sites have plugged the holes, but the 62 affected sites include popular ones such as brookstone.com, cafepress.com, cduniverse.com, gnc.com, petsmart.com, and sportsauthority.com. All of those are “Hacker Safe” sites.
There was some speculation as to whether Geeks.com was Hacker Safe when they had their data breach in December, but I pulled up the archives for their site and the logo has been on their site for a long time. Unfortunately, there was no archive available around the timeframe of the breach, but I think ScanAlert is just trying to cover their butt by passing off the blame.
I guess the moral of the story is that the Hacker Safe logo may give you some initial reassurances, but even some of the biggest sites are still left vulnerable. Try to make sure that the sites you are ordering from don’t store your personal information, such as a credit card number.
[via Information Week]