McAfee online scan used plain old HTTP to fetch screen elements

  • August 1, 2017

Jasper_The_Rasper
Moderator

38 lines of code later, you're owned. Good thing the fix is in, eh?

By Richard Chirgwin 1 Aug 2017 at 02:04

McAfee has moved to patch a bug that falls under the “didn’t you get the memo?” category: among other things, its free Security Scan Plus online tool retrieved information over HTTP – that is, in plain text.
 
The potential man-in-the-middle vector exists not in the operation of the free online scan, but in the house ads and UI design elements it serves.
 
A SecuriTeam-penned advisory on the problems notes that the tool “retrieves promotional and UI design information from different mcafee.com domains and displays them to the user, typically in the main application window.”
 
Full Article.