Visitors to the website of security notification firm Secunia were confronted by a defacement on Thursday morning. The site was sprayed with digital graffiti by a hacker using the handle TurkGuvenligi in what early indications suggest was the result of a DNS hijack rather than an exploit on Secunia's website itself. A diary …
Makes you wonder
How secure the popular Secunia PSI patch checking utility is, since its update servers could just as well be hijacked. Hopefully they check for signed executables, but still, it's pretty embarrassing for a security company to be caught like this.
Great "product" sloppy processes
After a recent personal experience of a test install of PSI 2.0 Beta where the beta failed (not a problem, that's what betas are for - however this was not at the bleeding edge of the beta program and it was an install on a fully patched 32 bit XP-Pro SP3 system) I discovered that the rollback to the previous version exhibited similar problems and consequently had to roll back another notch.
Unless some intervening MS patches interfered with the re-install of the previous version I was led to the conclusion that the download (from their site) was not the same one I had downloaded very soon after they announced its release and that Secunia had slipped out changes but failed to change the version number.
Secunia PSI Support very quickly responded to the original bug report but have maintained total silence over the "accusation".
"If my surmise is correct then that's sloppy organisation and rather tarnished your excellent "product".