McAfee Secure Mark – Insecure !

The folks down at Skeptikal.org announced that a couple of CSRF (Cross Site Request Forgery) bugs were found on the McAfee website, Its funny that one of the bugs was found on “McAfee Secure” website which is a service that certifies the security of sites that conduct e-commerce and other sensitive transactions.

For several weeks the bugged website continued to have the (McAfee Secure ) trust mark, So you might think that either the SDLC that certify websites to bear this mark was not followed by McAfee or its simply flawed.

But I think its only natural because as we all know nothing is 100% secure so it means absolutely nothing to have such a mark on your website, In fact you introduce a new risk and thats loosing face and image for bearing a badge that says I am Perfect while you are not. because no body is perfect.

Even McAfee.

Quick Note: about 14,000 E-Commerce websites bear the mark