ReadWriteWeb

There are numerous SaaS-based scanning services for your Web site, and most of them will check your HTML for errors, look for security loopholes or ping your site to make sure it is operating and reachable. A not-so-new entrant into this area is from Cenzic, called ClickToSecure Cloud. Beginning today, the service is available for purchase from the Microsoft Azure Marketplace.

WordPress has detected and fixed a cross-site scripting (XSS) vulnerability. WordPress 3.04 contains the fix that founder Matt Mullenweg calls "critical." Hosted WordPress.com customers don't need to worry, as security updates happen automatically for them.

XSS attacks can be used to steal login information or other sensitive information from visitors to a particular site. According to ReadWriteWeb staff hacker Tyler Gilles, this is similar to XSS vulnerability that affected Twitter users recently. He notes that WordPress's fix is similar to Twitter's.

McAfee, widely recognized as one of the leading providers of online security software for both home and business, appears to be struggling to secure its own Web sites, which at the time of writing this post, allow anyone with enough tech savvy to covertly do whatever they want on, and with, the site.

During tests this weekend, we discovered the company who claims to "keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams," has several cross-site scripting (XSS) vulnerabilities and provides the bad guys with a brilliant - albeit ironic - launching pad from which to unleash their attacks.