Visitors to the website of security notification firm Secunia were confronted by a defacement on Thursday morning. The site was sprayed with digital graffiti by a hacker using the handle TurkGuvenligi in what early indications suggest was the result of a DNS hijack rather than an exploit on Secunia's website itself. A diary …
Makes you wonder
How secure the popular Secunia PSI patch checking utility is, since its update servers could just as well be hijacked. Hopefully they check for signed executables, but still, it's pretty embarrassing for a security company to be caught like this.
Great "product" sloppy processes
After a recent personal experience of a test install of PSI 2.0 Beta where the beta failed (not a problem, that's what betas are for - however this was not at the bleeding edge of the beta program and it was an install on a fully patched 32 bit XP-Pro SP3 system) I discovered that the rollback to the previous version exhibited similar problems and consequently had to roll back another notch.
Unless some intervening MS patches interfered with the re-install of the previous version, I was led to the conclusion that the download (from their site) was not the same one I had downloaded very soon after they announced its release and that Secunia had slipped out changes but failed to change the version number.
Secunia PSI Support very quickly responded to the original bug report but have maintained total silence over the "accusation".
"If my surmise is correct then that's sloppy organisation and rather tarnished your excellent 'product'."