Visitors to the website of security notification firm Secunia were confronted by a defacement on Thursday morning. The site was sprayed by digital graffiti by a hacker using the handle TurkGuvenligi in what early indications suggest was the result of a DNS hijack rather than an exploit on Secunia's website itself. A diary …
Makes you wonder
How secure the popular Secunia PSI patch checking utility is, since its update servers could just as well be hijacked. Hopefully they check for signed executables, but still, it's pretty embarrassing for a security company to be caught like this.
Great "product" sloppy processes
After a recent personal experience of a test install of PSI 2.0 Beta where the beta failed (not a problem that's what betas are for - however this was not at the bleeding edge of the beta program and it was an install on a fully patched 32 bit XP-Pro SP3 system) I discovered that the rollback to the previous version exhibited similar problems and consequently had to rollback another notch.
Unless some intervening MS patches interfered with the re-install of the previous version I was lead to the conclusion that the download (from their site) was not the same one I had download very soon after they announced its release and that Secunia had slipped out changes but failed to change the version number.
Secunia PSI Support very quickly responded to the original bug report but have maintained total silence over the "accusation".
"If my surmise is correct than that's sloppy organisation and rather tarnished your excellent "product".
- Does Apple's iOS 7 make you physically SICK? Try swallowing version 7.1
- Fee fie Firefox: Mozilla's lawyers probe Dell over browser install charge
- Pics Indestructible Death Stars blow up planets with glowing KILL RAY
- Hands on Satisfy my scroll: El Reg gets claws on Windows 8.1 spring update
- Video Snowden: You can't trust SPOOKS with your DATA