Hacker Safe Friendly One of the logos that users have come to trust is the “Hacker Safe” label placed on certain sites. Geeks.com has that logo on their site, but that didn’t stop them from getting hacked back in December. Are the sites that say they are Hacker Safe really all that secure?

The Hacker Safe program is run by McAfee’s ScanAlert service, and 62 different websites that are certified by them have been found to have cross-site scripting (XSS) attacks over the last year…including the ScanAlert site itself. Most of the sites have plugged the holes, but the 62 sites affected includes popular ones such as brookstone.com, cafepress.com, cduniverse.com, gnc.com, petsmart.com, and sportsauthority.com. All of those are “Hacker Safe” sites.

There was some speculation as to whether Geeks.com was Hacker Safe when they had their data breach in December, but I pulled up the archives for their site and the logo has been on their site for a long time. Unfortunately there was no archive available around the timeframe of the breech, but I think ScanAlert is just trying to cover their butt by passing off the blame.

I guess the moral of the story is that the Hacker Safe logo may give you some initial reassurances, but even some of the biggest sites are still left vulnerable. Try to make sure that the sites you are ordering from don’t store your personal information, such as a credit card number.

[via Information Week]

There Are 10 Comments

  1. Is Cybernet hacker safe>????? ;)

  2. One of the logos that users have come to trust is the “Hacker Safe”

    I never heard about it before i read it here, maybe its a more amercian thing

  3. My grandpa has told me about McAfee when he worked for INS. Said it was about as bas as Window ME. I’m surprised people would let a company like that label their site as secure. Only way to test if a site is secure is to actually test it yourself, imho.

  4. Amak wrote:
    My grandpa has told me about McAfee when he worked for INS. Said it was about as bas as Window ME. I’m surprised people would let a company like that label their site as secure. Only way to test if a site is secure is to actually test it yourself, imho.

    Yea Mcafee ha made one of the worst antivirus software in recent times.

  5. I recently bought a new laptop for my son, first thing I did was to uninstall Mcafee and replace it with another anti-virus(NOT NORTON!) before he used it.

    • I think my site is more secured than those cracker-friendly sites… Is better to have a white hat hacker in my team… But yes, the first thing to do is to replace not only the “anti-virus” but the entire system to have some security versus more of the 80% of the script-kiddies and automatic cracks, and yes, my server has been hacked only once an it has more than 1234 spyders trying to get the entire site.

  6. Google wrote:
    Is Cybernet hacker safe>????? ;)

    :) I should just put the logo on the site for the fun of it.

    Richard wrote:
    I never heard about it before i read it here, maybe its a more amercian thing

    Huh, that’s interesting. I always assumed that it was a worldwide service, but most of the online stores that I visit have the logo on it.

    Amak wrote:
    Only way to test if a site is secure is to actually test it yourself, imho.

    Well, that’s assuming that you know a thing or two about security. ;)

  7. :mrgreen:
    No site is 100% safe but it really depends on the skill of the person doing the hacking, take for example this page and it’s comments form, now I myself can already see it has an expand and decrease text area. So my argument would be what if the attacker simply increased the size of the text field beyond the scope of the page’s ability to display it?

    As for XSS – cross site scripting, well yes thats just nasty, but then again so is Javascript in the wrong hands!

    Their is no such thing as White-Hat hackers and Black-Hat hackers, their is only Nice people and Bad people in my humble opinion!

  8. Having a hacker safe logo on a site is akin to sending an open invite to ever hacker under the sun, “I am hacker proof, so nyah you cant hack me!”

    Nothing is unhackable!

  9. Let’s put it this way… it’s from McAfee

Leave Your Comment


Message is the only required field.
Emails are not published.