========================================================================

                  The Secunia Weekly Advisory Summary
                        2009-02-12 - 2009-02-19

                       This week: 49 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4..................................................This Week in Numbers

========================================================================
1) Word From Secunia:

Fighting Vulnerabilities

Hi,

Since the inauguration of Secunia in 2002, we have offered a variety of free community services to aid you in staying secure online.

Vulnerability Intelligence

For years we have provided the world's best advisories with verified vulnerability intelligence. The vulnerability intelligence is based on broad information gathering and a rigorous testing and verification procedure where some of the world's most skilled vulnerability researchers and security specialists continuously conduct research to reproduce the reported vulnerabilities.

Once the advisories have been published, we select the most critical ones affecting popular applications and initiate an even more thorough and in-depth analysis. This analysis is conducted by some of our reverse engineers and source code auditors. Their task is to gain an almost 100% understanding of the “inner workings” of each individual vulnerability.

Binary Analysis

When analysing the vulnerabilities the reverse engineers and source code auditors document programming errors and code that may affect the attack vector and exploitation. This analysis, including support files like PoCs, exploits, and PCAPs, is provided as part of our Binary Analysis service to IDS / IPS vendors, AV vendors, large enterprises, and governments.
Vulnerability Research

Secunia also puts a significant amount of resources into vulnerability research. Last year this resulted in Secunia being the most successful research company with a total of 68 vulnerabilities in significant software:
http://secunia.com/secunia_research/

PSI, OSI, and the community

Today, the most widely used free community effort by Secunia is the Secunia PSI with 1,1 million installations. The free Secunia PSI helps keep private computer systems up-to-date with the latest security updates for all programs. Another 3.000 daily users keep the 70 most common programs up-to-date using the browser based Secunia OSI.

The Secunia PSI received a 5 of 5 rating by download.com and was selected as 1 of 101 fantastic freebies by PCWorld.

Developing, supporting, and promoting the use of Secunia PSI and OSI has a high priority at Secunia. Currently we employ 3 people, who focus solely on the PSI; other staff also spend significant resources on development and management of the Secunia PSI project.

The Secunia PSI and OSI are also backed by an active online community where users can get support and help with updating software and other security related issues. In 2009, we will also be inviting the community to help translate and support the Secunia PSI in even more languages like we did with the first community translation to Spanish in December 2008.

The free Secunia PSI and Secunia OSI solutions utilise the same technology and the same Vulnerability Intelligence as the business edition. This combination of technology and intelligence allows easy and reliable tracking of thousands of missing security updates, end-of-life programs, as well as up-to-date software for users.
The future

In the current turmoil of the global financial crisis, you can rest assured that Secunia will continue to provide the world's best software security update tool and vulnerability information free of charge to the community for use on private systems as well as conduct vulnerability research.

We will, however, also seek to optimise our business to ensure that Secunia remains a sound and healthy business that can continue to afford investing in the community by charging businesses and governments for their use of our services and solutions on their systems.

Stay Secure,

Niels Henrik Rasmussen
CEO

========================================================================
2) This Week in Brief:

Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

For more information, refer to:
http://secunia.com/advisories/33937/

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA33847] BlackBerry Application Web Loader ActiveX Control Buffer Overflow
2.  [SA33845] Microsoft Internet Explorer Two Code Execution Vulnerabilities
3.  [SA33937] Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
4.  [SA32991] Sun Java JDK / JRE Multiple Vulnerabilities
5.  [SA32270] Adobe Flash Player Multiple Security Issues and Vulnerabilities
6.  [SA33934] IBM WebSphere Application Server "PerfServlet" Information Disclosure
7.  [SA33923] Sun Java System Directory Server Directory Proxy Server Denial of Service
8.  [SA33933] IBM HTTP Server "mod_proxy_ftp" Cross-Site Scripting Vulnerability
9.  [SA33921] Sun Solaris / SEAM Kerberos PAM Module Privilege Escalation
10. [SA33930] PHP Krazy Image Host Script "id" SQL Injection Vulnerability

========================================================================
4) This Week in Numbers

During the past week 49 Secunia Advisories have been released.
All Secunia customers have received immediate notification on the alerts that affect their business.

This weeks Secunia Advisories had the following spread across platforms and criticality ratings:

Platforms:
  Windows             :      4 Secunia Advisories
  Unix/Linux          :     23 Secunia Advisories
  Other               :      0 Secunia Advisories
  Cross platform      :     22 Secunia Advisories

Criticality Ratings:
  Extremely Critical  :      0 Secunia Advisories
  Highly Critical     :     11 Secunia Advisories
  Moderately Critical :     17 Secunia Advisories
  Less Critical       :     17 Secunia Advisories
  Not Critical        :      4 Secunia Advisories

========================================================================

Secunia recommends that you verify all advisories you receive, by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web     : http://secunia.com/
E-mail  : support_at_private
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45

Received on Fri Feb 20 2009 - 01:45:38 PST