Secunia

Microsoft reviewing reported Windows 7-Safari hole

Microsoft said today that it is looking into a report of a critical vulnerability in Windows 7 that could be used to take over the computer if a user opened a malicious Web page using Apple's Safari browser.

"We are currently examining the issue and will take appropriate action to help ensure customers are protected," Jerry Bryant, group manager for Response communications of Microsoft's Trustworthy Computing Group, said in a statement to CNET.

Secunia released an advisory on the issue yesterday after the problem was reported in a tweet by a researcher using the handle "…

Secunia: Apple software has the most holes

A new report from security software provider Secunia shows that despite considerable security investments, the software industry at large is unable to produce software with substantially fewer vulnerabilities.

The latest data shows that Apple has surpassed Oracle and even Microsoft in accounting for the most software vulnerabilities, though the No. 1 ranking is related only to the number of vulnerabilities--not to how risky they are or how fast they get patched.

This analysis also supports the general perception that a high market share correlates with a high number of vulnerabilities--with Apple (maker of iTunes and QuickTime), Microsoft (Windows, Internet Explorer), …

The best new Windows programs of 2008

There were a lot of high-profile updates in 2008, and the line between traditional software downloads and Web applications blurred significantly. The browser especially has become, for some people, the only program they need.

There were several standout new applications, though, and here are six of what I think are the best ones. They range from traditional Web browsers and browser hybrids to communication tools and utilities that should help you work faster and help maintain your system.

Google Chrome: The one application that's probably going to be on everybody's Nice list this year, Google Chrome unexpectedly redefined …

Featured Freeware: Secunia PSI

Not only does Secunia Personal Software Inspector provide extensive details on the software installed on your computer, it also gives you direct links to update programs that are older and potentially not secure.

The interface mixes professional layout with a text-heavy, spartan design. At the top right of the program window, users can choose a Simple or Advanced layout. Under Simple, Secunia provides basic information about the installed program statuses, with a chart to gauge their security over time and a simplified listing of any errors. Clicking on an error leads you through the proprietary Easy-to-Patch program update process, which …

Secunia keeps your apps up-to-date

Not only does Secunia Personal Software Inspector provide extensive details on the software installed on your computer, it also gives you direct links to update programs that are older and potentially not secure.

The interface mixes professional layout with a text-heavy, spartan design. At the top right of the program window, users can choose a Simple or Advanced layout. Under Simple, Secunia provides basic information about the installed program statuses, with a chart to gauge their security over time and a simplified listing of any errors. Clicking on an error leads you through the proprietary Easy-to-Patch program update process, which …

US-CERT warns of SAP vulnerability

The U.S. Computer Emergency Readiness Team has warned of a vulnerability in SAP GUI, the graphical user interface client in the German company's enterprise resource-planning software.

The unspecified flaw can cause Microsoft's Internet Explorer browser to crash in an exploitable manner. The flaw lies in an ActiveX control called MDrmSap, a component of SAP GUI.

US-CERT warned in an advisory, updated on Monday, that if users are fooled into viewing a specially crafted HTML document, external attackers might be able to gain control of their system, with their privileges.

A patch is available from SAP, through SAP …

Secunia's Online Software Inspector

Secunia's Online Software Inspector (OSI) is a great free service, one that all Windows users should avail themselves of regularly. OSI is an online scan of a Windows computer (Macs and Linux are not supported) that looks for software with known security flaws. Any computer that gets a clean bill of health from OSI is better defended than one that doesn't.

As I write this, only 7,019 scans have been run in the last 24 hours. More Windows users need to be made aware of the scanner, and I hope this posting does so. That said, OSI …

Two problems with Secunia Online Software Inspector

Update October 20, 2008, Noon EDT. According to Secunia, they now detect version 10 of the Flash Player and they have corrected their FAQ. However, the most important issue, treating version 9 of the Flash Player as good rather than bad, has not changed.

Update October 20, 2008, 9 PM EDT. An email from Secunia said they don't consider version 9,0,124,0 of the Flash Player to be bad because it is the latest edition of version 9 and because Adobe still supports version 9.

I've mentioned previously that I'm a big fan of Secunia'…

Sun's Java sloppiness

In researching assorted postings on this blog I've dealt with security firm Secunia and thus ended up on their mailing list. They sent a notice yesterday warning that QuickTime has a security problem and everyone should upgrade to the newest version. A new bug in QuickTime certainly comes as no shock.

But the email was about more than just QuickTime. Secunia said this latest fix was the "...fourth major security update during the last two days required to protect private PCs against criminal attacks ... Users of Skype, Adobe Reader, and Java also run a risk of falling victim …

Why you should patch your Java Runtime Environment

According to Secunia, Sun Microsystems has patched a vulnerability that could allow malicious attackers to bypass certain security restrictions.

Secunia says, "The security issue is caused due to the JRE processing external XML entity references even though the 'external general entities' property is set to FALSE. This can be exploited to e.g. access certain URLs or cause a DoS (denial of service) via malicious XML documents."

Sun says that the JDK and JRE 6 Update 4 for multiple platforms is available for download.