The ScanAlert “HackerSafe” logo is a credibility indicator for commerce-based websites. Anti-virus and anti-hacker companies are losing ground against financially well-backed hacker groups looking to exploit faults for money, not just thrills.
Geeks.com has reported the incident to federal authorities and Visa, and is encouraging customers to review their credit card statements for unauthorized charges. The company has set up two help numbers — 1-888-529-6261 or 1-212-560-5108 for non-US customers — that will be active starting on Tuesday for those with questions about the incident. It is also providing contact information for the major credit agencies to make it easier to report any identity theft fraud arising from the incident.
Consumers see the “Hacker Safe tested daily” logo as a sentinel that is constantly scrutinizing the website for vulnerabilities. But it’s often past vulnerabilities that matter, as seems to be the case here:
“…Nigel Ravenhill, a ScanAlert spokesman, said today via e-mail that the vendor had withdrawn the Hacker Safe certification from Geeks.com “several times” last year due to the existence of vulnerabilities in the retailer’s systems. Geeks.com fell out of compliance with ScanAlert’s security requirements last June and then again in December, according to Ravenhill.
“During these periods, the Hacker Safe seal was not allowed to appear on their Web site,” Ravenhill wrote in the e-mail. “Preliminary evidence uncovered while investigating this matter suggests that the breach most likely occurred during one of these periods.”
The headlines leave things up in the air. “‘Hacker Safe’ website gets hit by hacker” and “‘Hacker Safe’ Geeks.com Hacked” certainly get people’s attention, but in some ways are irresponsible. Unfortunately, that’s how journalism sometimes works. It’s up to McAfee to save the story. I don’t think they did.
Three things are wrong with the Hacker Safe / ScanAlert situation:
- “Tested Daily” should show “Scanned since” or “Secured since” — along with the last day the logo was “taken offline” for any reason.
- “Hacker Safe” tells a story of invincibility that simply doesn’t exist. “Hacker Safer” doesn’t have the same marketing punch, but is more accurate.
- A better PR response from McAfee was needed here. No comment was given on the InformationWeek article, and the one given above to Computing magazine was not very informative to most. It would seem that ScanAlert would be ready to address these things in a well-crafted way when they happen.