[ISN] Secunia Weekly Summary - Issue: 2009-8

From: InfoSec News <alerts_at_private>
Date: Fri, 20 Feb 2009 03:45:38 -0600 (CST)

                  The Secunia Weekly Advisory Summary                  
                        2009-02-12 - 2009-02-19                        

                       This week: 49 advisories                        

Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4..................................................This Week in Numbers

1) Word From Secunia:

Fighting Vulnerabilities


Since the inauguration of Secunia in 2002, we have offered a variety of
free community services to aid you in staying secure online.

Vulnerability Intelligence
For years we have provided the world's best advisories with verified
vulnerability intelligence. The vulnerability intelligence is based on
broad information gathering and a rigorous testing and verification
procedure where some of the world's most skilled vulnerability
researchers and security specialists continuously conduct research to
reproduce the reported vulnerabilities.

Once the advisories have been published, we select the most critical
ones affecting popular applications and initiate an even more thorough
and in-depth analysis. This analysis is conducted by some of our
reverse engineers and source code auditors. Their task is to gain an
almost 100% understanding of the “inner workings” of each
individual vulnerability.

Binary Analysis
When analysing the vulnerabilities the reverse engineers and source
code auditors document programming errors and code that may affect the
attack vector and exploitation. This analysis, including support files
like PoCs, exploits, and PCAPs, is provided as part of our Binary
Analysis service to IDS / IPS vendors, AV vendors, large enterprises,
and governments.

Vulnerability Research
Secunia also puts a significant amount of resources into vulnerability
research. Last year this resulted in Secunia being the most successful
research company with a total of 68 vulnerabilities in significant

PSI, OSI, and the community
Today, the most widely used free community effort by Secunia is the
Secunia PSI with 1,1 million installations. The free Secunia PSI helps
keeping private computer systems up-to-date with the latest security
updates for all programs. Another 3.000 daily users keep the 70 most
common programs up-to-date using the browser based Secunia OSI.

The Secunia PSI received a 5 of 5 rating by download.com and was
selected as 1 of 101 fantastic freebees by PCWorld.

Developing, supporting, and promoting the use of Secunia PSI and OSI
has a high priority at Secunia. Currently we employ 3 people, who focus
solely on the PSI; other staff also spend significant resources on
development and management of the Secunia PSI project.

The Secunia PSI and OSI are also backed by an active online community
where users can get support and help with updating software and other
security related issues. In 2009, we will also be inviting the
community to help translating and supporting the Secunia PSI in even
more languages like we did with the first community translation to
Spanish in December 2008.

The free Secunia PSI and Secunia OSI solutions utilise the same
technology and the same Vulnerability Intelligence as the business
edition. This combination of technology and intelligence allows easy
and reliable tracking of thousands of missing security updates,
end-of-life programs, as well as up-to-date software for users.

The future
In the current turmoil of the global financial crisis, you can rest
assured that Secunia will continue to provide the world's best software
security update tool and vulnerability information free of charge to the
community for use on private systems as well as conduct vulnerability
research. We will, however, also seek to optimise our business to
ensure that Secunia remain a sound and healthy business that can
continue to afford investing in the community by charging businesses
and governments for their use of our services and solutions on their

Stay Secure,

Niels Henrik Rasmussen

2) This Week in Brief:

Apple has issued a security update for Mac OS X, which fixes multiple

For more information, refer to:

3) This Weeks Top Ten Most Read Advisories:

1.  [SA33847] BlackBerry Application Web Loader ActiveX Control Buffer
2.  [SA33845] Microsoft Internet Explorer Two Code Execution
3.  [SA33937] Apple Mac OS X Security Update Fixes Multiple
4.  [SA32991] Sun Java JDK / JRE Multiple Vulnerabilities
5.  [SA32270] Adobe Flash Player Multiple Security Issues and
6.  [SA33934] IBM WebSphere Application Server "PerfServlet"
              Information Disclosure
7.  [SA33923] Sun Java System Directory Server Directory Proxy Server
              Denial of Service
8.  [SA33933] IBM HTTP Server "mod_proxy_ftp" Cross-Site Scripting
9.  [SA33921] Sun Solaris / SEAM Kerberos PAM Module Privilege
10. [SA33930] PHP Krazy Image Host Script "id" SQL Injection

4) This Week in Numbers

During the past week 49 Secunia Advisories have been released. All
Secunia customers have received immediate notification on the alerts
that affect their business.

This weeks Secunia Advisories had the following spread across platforms
and criticality ratings:

  Windows             :      4 Secunia Advisories
  Unix/Linux          :     23 Secunia Advisories
  Other               :      0 Secunia Advisories
  Cross platform      :     22 Secunia Advisories

Criticality Ratings:
  Extremely Critical  :      0 Secunia Advisories
  Highly Critical     :     11 Secunia Advisories
  Moderately Critical :     17 Secunia Advisories
  Less Critical       :     17 Secunia Advisories
  Not Critical        :      4 Secunia Advisories


Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)


Contact details:
Web	: http://secunia.com/
E-mail	: support_at_private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45

Best Selling Security Books and More!
Received on Fri Feb 20 2009 - 01:45:38 PST

This archive was generated by hypermail 2.2.0 : Fri Feb 20 2009 - 01:50:16 PST