April 18, 2014

Secunia Released Secunia Personal Software Inspector 3.0

(LiveHacking.com) – Secunia, the Danish IT security solution provider, has released Secunia Personal Software Inspector 3.0.

According to Secunia's official press release, which was sent to LiveHacking.com, Secunia PSI 3.0 is a free personal vulnerability scanner that identifies software applications that are insecure and in need of security updates, or patches.

Secunia PSI 3.0 New Features & Improvements

  1. Simple User Interface: The new and simplified user interface displays the key information that users need to know such as scan results, the security status of installed software, and the last update dates. Further, the new settings menu allows users to select whether or not to install updates automatically, and which drives are to be scanned.
  2. Automatic Patching: Secunia PSI 3.0 receives automatic updates for all software supported by the application.
  3. Localization: The Secunia PSI 3.0 can be installed in any one of five languages including French, Spanish, German, Danish and English.
  4. Program Ignore Rules: Users have the ability to ignore updates to a particular program by creating ignore rules.
  5. Scan History: Reports about the updates installed and scans conducted can be accessed at any time through the history feature.

The Secunia PSI 3.0 is available to download here.

Secunia Launches its Vulnerability Reward Program

(LiveHacking.Com) - The Danish security management company Secunia has launched a vulnerability reward scheme that acts independently from software vendors. As part of the program, Secunia will confirm vulnerability discoveries and handle coordination with the software companies on security researchers’ behalf.

Under the Secunia Vulnerability Coordination Reward Program (SVCRP) the company will offer rewards to researchers in the form of top-of-the-range merchandise and two major annual rewards which include free hotel accommodation and entry to an IT security conference. One of the hotel/conference rewards will go to the researcher who submits the most interesting vulnerability; the other will go to the researcher who has been consistently coordinating correct, clearly detailed vulnerability reports that are quick and easy to confirm, as judged by Secunia.

“The fun part of vulnerability research is the actual process of discovering and understanding the vulnerabilities as well as creating proof of concepts or exploits; and not the sometimes extensive coordination and liaison process that follows with the vendor in order to fix the problem,” said Carsten Eiram, Chief Security Specialist at Secunia. “Under the new program we will both confirm vulnerability discoveries and handle the coordination process, allowing researchers to focus on the more exciting aspects of vulnerability research.”

Secunia are trying to distinguish themselves from other vulnerability reward schemes in that while other schemes pay researchers for their discoveries, the companies are very selective about which vulnerabilities they reward and coordinate. The SVCRP fills the gap for researchers who can’t or don’t want to participate in the other schemes but who would still like an independent third party to confirm their discoveries and handle coordination.

Secunia is willing to look at all types of vulnerabilities but they must meet the following basic criteria:

  • The vulnerability affects a stable product.
  • The vulnerability affects the latest version of the product.
  • The product is actively supported by the vendor.
  • The vulnerability is not already publicly known.
  • Secunia Research is able to confirm the reported vulnerability.

Unpatched hole in ImgBurn disk burning application

According to security specialist Secunia, a highly critical vulnerability in ImgBurn, a lightweight disk burning application, can be used to remotely compromise a user’s system. The security issue in the freeware program is reportedly caused by the application loading libraries (dwmapi.dll) in an “insecure manner”, which can then lead to the execution of arbitrary code.

Read the full story here.

Source:[TheHSecurity]
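
An added example, not part of the original post or Secunia's advisory: insecure library loading generally means a library is requested by bare name, so a same-named file in a directory searched before the system directory is loaded instead. The sketch below audits a directory tree for copies of a watched library name (here `dwmapi.dll`) outside a trusted directory and compares each against the reference copy; the function names, directory layout and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

WATCHLIST = {"dwmapi.dll"}  # name taken from the post; extend as needed

def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def audit_library_copies(root, trusted_dir, watchlist=WATCHLIST):
    """Return sorted (relative_path, matches_trusted_copy) for every watched
    library name found under root but outside trusted_dir."""
    names = {n.lower() for n in watchlist}
    trusted_dir = os.path.abspath(trusted_dir)
    # Hashes of the reference copies, keyed by lower-cased file name.
    reference = {f.lower(): sha256_of(os.path.join(trusted_dir, f))
                 for f in os.listdir(trusted_dir) if f.lower() in names}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.abspath(dirpath) == trusted_dir:
            continue  # the reference location itself is not a finding
        for name in files:
            if name.lower() in names:  # Windows file names are case-insensitive
                full = os.path.join(dirpath, name)
                same = reference.get(name.lower()) == sha256_of(full)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append((rel, same))
    return sorted(findings)

def demo():
    """Build a constructed directory tree and audit it."""
    layout = {
        "system32/dwmapi.dll": b"reference copy",
        "share/project/backup.iso": b"",
        "share/project/DWMAPI.DLL": b"different content",
        "apps/tool/dwmapi.dll": b"reference copy",
    }
    with tempfile.TemporaryDirectory() as base:
        for rel, data in layout.items():
            path = os.path.join(base, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return audit_library_copies(base, os.path.join(base, "system32"))

if __name__ == "__main__":
    for rel, same in demo():
        print(("same as reference  " if same else "DIFFERS            ") + rel)
```

A copy whose hash differs from the reference and that sits beside user-opened files is the case worth investigating first.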

Vulnerabilities: Microsoft Office TIFF Image Converter

Secunia Research has discovered two vulnerabilities in Microsoft Office, which can be exploited by malicious people to compromise a user’s system.

An input validation error in the TIFF Import/Export Graphic Filter when copying certain data can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image.

Another input validation error in the TIFF Import/Export Graphic Filter when copying certain data after having encountered a specific error can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image.

According to Secunia research, the successful exploitation of the vulnerabilities may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).

Microsoft Office XP SP3, Microsoft Office Converter Pack and Microsoft Works 9 are affected, but other versions may also be affected.

These two vulnerabilities are rated critical, and Microsoft has released a security patch (MS10-105) to fix the issues.

Source:[http://secunia.com/secunia_research/2009-30/]

Secunia Releases Personal Software Inspector (PSI) Version 2.0

Secunia has released version 2 of its Personal Software Inspector (PSI) application.

According to Secunia, the Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose the PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly “popular” among criminals.

The only solution to block this kind of attack is to apply security updates, commonly referred to as patches. Patches are offered free of charge by most software vendors; however, finding all these patches is a tedious and time-consuming task. Secunia PSI automates this and alerts you when your programs and plug-ins require updating to stay secure.

Download the Secunia PSI here.

Source & Screen-shot:[secunia.com]

Auto Update your Programs – Secunia PSI 2.0 Public Beta

Secunia released version 2 of its Personal Software Inspector (PSI) application.

According to the Secunia blog, the core of the Secunia PSI, the scan engine or Secunia Software Inspector technology, has remained practically untouched, and it is still the most accurate scanning engine available for detecting installed programs and missing security updates on the Windows platform.

The Secunia PSI uses the same framework and engine that is used in Secunia's commercial solutions, like the Secunia CSI, which is used by some of the largest and most security-conscious companies and organisations in the world.

Download Secunia PSI:
http://secunia.com/PSI2SetupBeta.exe

Source:[http://secunia.com/blog/123/]