When it comes to companies involved with the security of websites, we don’t get a sense that many of them either know much about security or care about it. The latest case in point comes from something we noticed while cleaning up a hacked website recently.
The .htaccess file in the root of the website included the following code:
We do have a pretty good idea why McAfee SECURE and PathDefender don’t seem to have had the same concern. If you view the list of employees at PathDefender, you can see that almost none of them actually seem to have a technical role at the company. It seems to be mostly a sales organization. This isn’t surprising, since products like McAfee SECURE seem to be mostly focused on promoting that websites are secure rather than actually making sure they are secure. That can be seen pretty clearly on the homepage of the McAfee SECURE website, which repeatedly promotes the service as increasing customer sales:
It only gets to actual security in the fourth section of the page, and even then it is only mentioned as one of six features:
As we mentioned at the beginning of the post, this was something that was on a hacked website, so the service didn’t keep a website secure when it was under attack in at least one instance. Based on our experience with cleaning up hacked websites using similar services in the past, that probably isn’t an outlier.