Visitors to the website of security notification firm Secunia were confronted by a defacement on Thursday morning. The site was sprayed with digital graffiti by a hacker using the handle TurkGuvenligi in what early indications suggest was the result of a DNS hijack rather than an exploit on Secunia's website itself. A diary …
Makes you wonder
How secure the popular Secunia PSI patch checking utility is, since its update servers could just as well be hijacked. Hopefully they check for signed executables, but still, it's pretty embarrassing for a security company to be caught like this.
Great "product" sloppy processes
After a recent personal experience of a test install of PSI 2.0 Beta where the beta failed (not a problem that's what betas are for - however this was not at the bleeding edge of the beta program and it was an install on a fully patched 32 bit XP-Pro SP3 system) I discovered that the rollback to the previous version exhibited similar problems and consequently had to rollback another notch.
Unless some intervening MS patches interfered with the re-install of the previous version I was led to the conclusion that the download (from their site) was not the same one I had downloaded very soon after they announced its release and that Secunia had slipped out changes but failed to change the version number.
Secunia PSI Support very quickly responded to the original bug report but have maintained total silence over the "accusation".
"If my surmise is correct then that's sloppy organisation and rather tarnished your excellent "product".