AOH :: IS1740.HTM

Secunia Weekly Summary - Issue: 2009-8




Secunia Weekly Summary - Issue: 2009-8
Secunia Weekly Summary - Issue: 2009-8



  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1457021584-151666768-1235123138=:3806
Content-Type: TEXT/PLAIN; charset=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE

=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2009-02-12 - 2009-02-19                        

                       This week: 49 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4..................................................This Week in Numbers

=======================================================================1) Word From Secunia:

Fighting Vulnerabilities

Hi,

Since the inauguration of Secunia in 2002, we have offered a variety of
free community services to aid you in staying secure online.

Vulnerability Intelligence
For years we have provided the world's best advisories with verified
vulnerability intelligence. The vulnerability intelligence is based on
broad information gathering and a rigorous testing and verification
procedure where some of the world's most skilled vulnerability
researchers and security specialists continuously conduct research to
reproduce the reported vulnerabilities.

Once the advisories have been published, we select the most critical
ones affecting popular applications and initiate an even more thorough
and in-depth analysis. This analysis is conducted by some of our
reverse engineers and source code auditors. Their task is to gain an
almost 100% understanding of the =E2=80=9Cinner workings=E2=80=9D of each
individual vulnerability.

Binary Analysis
When analysing the vulnerabilities the reverse engineers and source
code auditors document programming errors and code that may affect the
attack vector and exploitation. This analysis, including support files
like PoCs, exploits, and PCAPs, is provided as part of our Binary
Analysis service to IDS / IPS vendors, AV vendors, large enterprises,
and governments.

Vulnerability Research
Secunia also puts a significant amount of resources into vulnerability
research. Last year this resulted in Secunia being the most successful
research company with a total of 68 vulnerabilities in significant
software:
http://secunia.com/secunia_research/ 

PSI, OSI, and the community
Today, the most widely used free community effort by Secunia is the
Secunia PSI with 1,1 million installations. The free Secunia PSI helps
keeping private computer systems up-to-date with the latest security
updates for all programs. Another 3.000 daily users keep the 70 most
common programs up-to-date using the browser based Secunia OSI.

The Secunia PSI received a 5 of 5 rating by download.com and was
selected as 1 of 101 fantastic freebees by PCWorld.

Developing, supporting, and promoting the use of Secunia PSI and OSI
has a high priority at Secunia. Currently we employ 3 people, who focus
solely on the PSI; other staff also spend significant resources on
development and management of the Secunia PSI project.

The Secunia PSI and OSI are also backed by an active online community
where users can get support and help with updating software and other
security related issues. In 2009, we will also be inviting the
community to help translating and supporting the Secunia PSI in even
more languages like we did with the first community translation to
Spanish in December 2008.

The free Secunia PSI and Secunia OSI solutions utilise the same
technology and the same Vulnerability Intelligence as the business
edition. This combination of technology and intelligence allows easy
and reliable tracking of thousands of missing security updates,
end-of-life programs, as well as up-to-date software for users.

The future
In the current turmoil of the global financial crisis, you can rest
assured that Secunia will continue to provide the world's best software
security update tool and vulnerability information free of charge to the
community for use on private systems as well as conduct vulnerability
research. We will, however, also seek to optimise our business to
ensure that Secunia remain a sound and healthy business that can
continue to afford investing in the community by charging businesses
and governments for their use of our services and solutions on their
systems.

Stay Secure,

Niels Henrik Rasmussen
CEO

=======================================================================2) This Week in Brief:

Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

For more information, refer to:
http://secunia.com/advisories/33937/ 

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA33847] BlackBerry Application Web Loader ActiveX Control Buffer
              Overflow
2.  [SA33845] Microsoft Internet Explorer Two Code Execution
              Vulnerabilities
3.  [SA33937] Apple Mac OS X Security Update Fixes Multiple
              Vulnerabilities
4.  [SA32991] Sun Java JDK / JRE Multiple Vulnerabilities
5.  [SA32270] Adobe Flash Player Multiple Security Issues and
              Vulnerabilities
6.  [SA33934] IBM WebSphere Application Server "PerfServlet"
              Information Disclosure
7.  [SA33923] Sun Java System Directory Server Directory Proxy Server
              Denial of Service
8.  [SA33933] IBM HTTP Server "mod_proxy_ftp" Cross-Site Scripting
              Vulnerability
9.  [SA33921] Sun Solaris / SEAM Kerberos PAM Module Privilege
              Escalation
10. [SA33930] PHP Krazy Image Host Script "id" SQL Injection
              Vulnerability

=======================================================================4) This Week in Numbers

During the past week 49 Secunia Advisories have been released. All
Secunia customers have received immediate notification on the alerts
that affect their business.

This weeks Secunia Advisories had the following spread across platforms
and criticality ratings:

Platforms:
  Windows             :      4 Secunia Advisories
  Unix/Linux          :     23 Secunia Advisories
  Other               :      0 Secunia Advisories
  Cross platform      :     22 Secunia Advisories

Criticality Ratings:
  Extremely Critical  :      0 Secunia Advisories
  Highly Critical     :     11 Secunia Advisories
  Moderately Critical :     17 Secunia Advisories
  Less Critical       :     17 Secunia Advisories
  Not Critical        :      4 Secunia Advisories

=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/ 

Subscribe:
http://secunia.com/advisories/weekly_summary/ 

Contact details:
Web=09: http://secunia.com/ 
E-mail=09: support@secunia.com 
Tel=09: +45 70 20 51 44
Fax=09: +45 70 20 51 45


--1457021584-151666768-1235123138=:3806
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________      
Best Selling Security Books and More!
http://www.shopinfosecnews.org/ 

--1457021584-151666768-1235123138=:3806--

Site design & layout copyright © 1986-2014 CodeGods