
Tenable Network Security Podcast

Author: Tenable Network Security


Description

Covering Tenable's Unified Security Monitoring products including Nessus & Security Center. We also discuss the latest security news and vulnerabilities, in addition to interviewing some of the industry's finest.
73 Episodes
Welcome to the Tenable Network Security Podcast - Episode 95 Hosts Paul Asadoorian, Product Evangelist Carlos Perez, Lead Vulnerability Researcher Ron Gula, CEO/CTO Announcements Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest video is titled "Top Ten Things You Didn't Know About Nessus #10". We're hiring! - Visit the Tenable web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more! Stories 15 Years of Software Security: Looking Back and Looking Forward - First a look back: Remember smashing the stack for fun and profit? Buffer overflows were all the rage, and resulting in what the author calls "undesired functionality" in applications. Vendors tended to ignore the vulnerability disclosure process and many more vulnerabilities, and associated exploits, floated around the Internet until someday the vendor decided to patch them, or not. The security community as a whole grew up, many companies were created to sell products, and many got bought and folded into larger companies. Before we look into the future, what has really changed? Web applications have provided us with a newer form of the buffer overflow, as the vulnerabilities lead to "undesired functionality", and are as plentiful, if not more, than traditional buffer overflows were. The difference is that they are now spread across thousands of applications and many require end-user interaction. The author then looks into the future, which is dangerous, or not, depending on how you look at it. Since it hasn't occurred yet, you can make predictions and it doesn't matter if you were correct or not, it was just a prediction. 
Rubbing an iPhone on your face won't cure acne - FTC - I wonder how many people fell for this one: "The Federal Trade Commission has fined two developers who claimed their mobile apps could cure acne with flashing colour, but there's still plenty of snake-oil on sale." We rely on technology for so many things, removing pimples with your iPhone is not one of them. Hacker claims he can exploit Windows Update - "I can issue updates via windows update! You see? I'm so smart, sharp, dangerous, powerful, etc.," - That's a bold statement, begging the question could someone issue patches using stolen certificates? Of course, for this attack to work, you would have to first perform a MiTM attack against the targeted Windows systems. We hope there are enough protections in place to prevent this attack from being successful. Security Manager's Journal: Assessing the company's Internet-facing apps - Application testing is so important, and this article highlights some of the common problems associated with applications. Sure, physical security is important, and if all your assessment team is telling you is that "piggybacking" is possible, you should find another assessment team. The results of the web application testing were impressive, in addition to the XSS vulnerabilities, it was found that customer data was being sent without SSL encryption, pay products could be downloaded without paying for them, and documents that could be downloaded, modified, then re-uploaded. The tricky part is how do you fix these problems and make sure they are fixed on an ongoing basis. Inside Cisco global security operations - "That depth of intelligence enabled us, in a very specific example, to provide an update that would indicate by trajectory, IP block by IP block, who had likely already been infected. 
We could increase the risk associated with those IP blocks dynamically, as it propagated," The article talked in depth about communication and "depth", two concepts which are so important to information security. Linux world in security spinout as Linux Foundation and Kernel.org remain "temporarily unavailable" - "I'm still struggling to decide quite what the Loony Linux Lovers - those who insist that Linux is immune to malware - will make of this episode. Whilst Linux malware is not new, this is probably the closest it has ever come to the heart of their beloved operating system." I'm still amazed that Linux folks take the high ground when it comes to security, goes to show that no one is truly immune, not that it's a new concept, but compromising kernel.org and linux.com certainly sends a message. Speaking of messages, saying that a web site is "down for maintenance" makes people believe it's compromised. From Logs to Hell! - Log management can be extremely effective at finding compromised, however, take into consideration "Unreachable devices, Supported formats, Performance impacts on the network flows, (De)commissioning of (old)devices, Overlapping in IP subnets and Procedures / follow-up". Early Patch Tuesday Today: Microsoft September 2011 Patches, (Fri, Sep 9th) Apple releases updates for DigiNotar SSL debacle - But what about iOS devices?
Welcome to the Tenable Network Security Podcast - Episode 95 Hosts Paul Asadoorian, Product Evangelist Jack Daniel, Product Manager Carlos Perez, Lead Vulnerability Researcher Ron Gula, CEO/CTO Announcements Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest video is titled "Top Ten Things You Didn't Know About Nessus #10". We're hiring! - Visit the Tenable web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more! Ron Gula on using SecurityCenter's report iterator to create "cooler" detailed reports based on correlated events from the LCE (Log Correlation Engine) Stories OpenSSH 5.9 arrives - New features include a new SHA256-based HMAC (Hash-based Message Authentication Code) transport integrity mode (which will end up being the default) and sandboxing of child processes to prevent communications with other hosts (currently experimental). It's nice to see the OpenSSH project continuing to take security seriously and building in new features. Control 14: Wireless Device Control - Over time I've noticed a decreased awareness of wireless security concerns. If you run a network you should be concerned about actively hardening your end-user systems, actively monitoring the wireless network, and using a tool, such as Nessus (referenced in this article) to detect rogue access points. The problem is compounded by all of the newer wireless technologies that have made their way into your infrastructure, including Bluetooth, ZigBee, 900MHz communications, RFID, and more! The good news is a large percentage of these attacks require an attacker to be in physical proximity of your users or buildings, still making it quite a journey from China or Romania. 
The Register Gets Hacked Hijacked - Turns out this was DNS hijacking, and affected many more web sites. This shows that security is not only an internal facing activity, but external as well. Here's a good exercise to go through, make a list of all external companies and services that you rely on to run your business. Then, run through exercises to see what would happen if one was compromised. You need to build defenses against these attacks, which is the difficult part. VMware's vShield - Why It’s Such A Pain In the Security Ecosystem’s *aaS… - Hoff gives us some insight into how vShield compares to some of the 3rd party vendors' products that are similar. More on Microsoft’s response to the DigiNotar compromise - I have to hand it to Microsoft, they have built in several different checks to prevent someone from being able to control the update process for all Windows computers. The attackers even attempted to issue certificates for "Windowsupdate.com", however since that domain is not in use, the attack was not successful. Microsoft also removed DigiNotar from the CA list immediately. Tech Insight: Three Hardware Tools For Physical Penetration Testing - John Sawyer covers some of the popular methods of performing physical penetration testing, primarily visiting a site and maintaining a backdoor. The tougher part is detection. If an attacker were to drop off a device that plugs into the network, and accepts no incoming connections (layer 3/4 anyhow) and uses 3G to connect back, how would you detect this? You would be limited to physical survey, layer 2 analysis, and cell phone jammers. Not all that attractive options, however it would be neat to review the new MAC addresses coming up on your network and compare them to a list of known access points or network devices (such as the pwn plug). Then again, attackers may just change the MAC address to hide the device type... 
4 simple steps to bulletproof laptop security - The list reads like this: Passwords, fingerprint readers, full-disk encryption, and after-the-fact theft protection. No question, you should have "good passwords". You probably should only have two passwords, one for the BIOS and one for the OS itself. Sounds simple, but convenience often wins in the battle for "good passwords". Biometrics can help add another layer, but people tend to put too much faith in this technology, which is easily bypassed with Play-Doh. Full-disk encryption is just a good idea, provided what you are protecting is worth the expense of implementation. You should think about theft protection, rather than reaction. It's simple, when you are not in the office and traveling with your laptop it should never leave your hands or your sight. I follow this rule, however I'm not perfect, and I'd be lying if I said I hadn't run out of a restaurant realizing I left my laptop in the car that I just handed the keys to the valet. Diebold demos cloud-based ATM - To the cloud! Working with VMware, Diebold has developed an ATM that has no on-board computer: "Virtualisation removes the onboard computer from the ATM, tying each terminal single server running many "virtual" ATMs. This consolidation allows greater control and therefore better security, at least in theory. Far from offering a single point of failure, this approach would also allow faster failure recovery and more rapid software upgrades and services deployment, leading to an overall increase in ATM uptime, according to Diebold." Apple loses iPhones, seeks security experts - Apple is still suffering from the problem of "leaks", as is the case with the latest revision of the iPhone. Should this top Apple's concerns or should they focus on securing their platforms instead? 
I wonder if it's more a concern of public image rather than competition, as I believe it would be difficult to replicate the iPhone's features if you got a pre-released phone a month before launch. Or, is this just all publicity by Apple to build buzz before a product's release?
Welcome to the Tenable Network Security Podcast - Episode 94 Hosts: Paul Asadoorian, Product Evangelist Ron Gula, CEO/CTO Jack Daniel, Product Manager Carlos Perez, Lead Vulnerability Researcher Announcements Several new blog posts have been published this week, including: Tenable Ranks 17th Among Security Companies on Inc. 5000 Junos Local Patch Checking Support Added to Nessus The Top Ten Things You Didn't Know About Nessus - #10 Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest video is titled "Top Ten Things You Didn't Know About Nessus #10". We're hiring! - Visit the Tenable web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more! Stories One Third Of Security Pros Not Practicing What They Preach - "Survey shows security pros breaking security policies for convenience, and overall difficulty in making major changes to security technologies and strategies" - An interview with our very own Ron Gula. "TaoSecurity Security Effectiveness Model" - A good reminder that we should consider the motivations of attackers when planning your defenses. "Details of the RSA Hack" - Turns out it was an email to HR applying for a job. I can't tell you how many times this has been successful on penetration tests. "Morto Windows Worm spreading via RDP Remote Desktop Connections" - A password brute-forcing worm is being successful, this should not be the case! "Tenable Ranks 17th Among Security Companies on Inc. 5000" - Hey wait, that's us! "Malicious infections enter 99% of enterprise networks" - I remember ten years ago consulting with organizations on security. I would tell them that if systems on their network had "spyware", they were in fact compromised. 
It seems we have not learned from the past, and still overlook malware on the desktops as a primary threat. "Digital Certificate Authority Hacked" - While it's bad when this happens, the important defensive measure is to discover it as quickly as possible and revoke certificates and update CA lists. "Digital Hit Men for Hire Krebs on Security" - I love stories such as this that provide insight into the world of "cyber crime". The Urban Legend of Multipass Hard Disk Overwrite - I re-write 20,000,000 times, then I break out the sledge hammer, is that overkill? Universities Account for a Higher Number of Breaches - Having worked in this space, and commented on University security a lot, I'm curious to hear from others on the show.
Welcome to the Tenable Network Security Podcast - Episode 93 Hosts: Paul Asadoorian, Product Evangelist Ron Gula, CEO/CTO Jack Daniel, Product Manager Carlos Perez, Lead Vulnerability Researcher Announcements Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest two videos are updates to older videos and cover basic vulnerability scanning and local patch auditing using Nessus. We're hiring! - Visit the Tenable web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more! Stories How to Prevent IT Sabotage Inside Your Company - Each week I read in the news about yet another company that was "hacked" by a former employee. These are low frequency (compared to common malware), but highly destructive attacks. Good IT practices, closely coupled with HR, really helps limit the damage. If We Are Turning Off Social Media, I Want News Channels Shut Down, Too - What's more accurate, news channels or Twitter? Accelerometer Used to Log Smartphone Keystrokes - "The researchers were able to correlate the acceleration measured when tapping individual number keys to the specific key pressed with an accuracy of more than 70 per cent. In contrast to the camera, microphone and GPS sensor, the accelerometer (some devices also contain a gyroscope) is not viewed as a security risk. Apps do not typically require special privileges to monitor a device's movements." Tech Insight: Cutting-Edge Techniques for Data Exfiltration - I like this one: "The third option leverages an email-to-fax interface, where an internal email address receives files that can be faxed anywhere. Similarly, an attacker could leverage a multifunction printer that has the ability to scan directly to a fax number or email address." 
Think that people will look at the security of printers and multi-function devices now? Why isn't this type of stuff included in compliance audits (or is it?). Insulin Pump Attack Prompts Call for Federal Probe - A representative of Medtronic, one of several companies that make such devices, has been quoted as saying: “To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide.” - First, how can they be so sure? Second, just because it has never reportedly happened in the past, doesn't mean it won't happen now! This is the same old excuse of, "Well, no one has hacked us before." Expect to Hear "IDS is Dead" (Again) - Wow, haven't heard that in a while! So, now that we're on the subject, is IDS dead today? What are some of the arguments for keeping IDS? Also, if it can detect it, should it prevent it too? Collar Bomber Gets Owned by Word Metadata USB Drive - Let me start off by saying that thankfully this turned out to be a hoax. However, someone did break into another person's home and put a necklace around a child with a box attached, claiming it was a bomb. This gets even more bizarre and scary, as the ransom note was left on a USB thumb drive. Metadata analysis found that the person had made a Word doc version, that included their first name and the first letter of their last name. He was promptly found and arrested. Logs - The Foundation of Good Security Monitoring, (Sun, Aug 21st) - Hurray! Logs are a good foundation, however you have to check them for them to be useful. How often should you check your logs? Inter-Company Invoice Emails Carry Malware - This is not a new idea, but got me thinking about how we once worried about email attacks (e.g. the "ILOVEYOU" virus) then we were worrying about network worms, and now we're right back to worrying about email again. 
Seems to me that the "inter-company email malware" is just another form of a worm, or a means to spread evil internally. Security Software Engineering Reality - This is an outstanding representation of how software development, not just security software, can go, well, horribly wrong. Flashy Cars Got Spam Kingpin Mugged - So, imagine you are this big shot Russian SPAM/online pharmaceuticals rep. Okay, now imagine you are car shopping, but you have to take into account that someone will steal your car if it's too flashy. Ha! Justice perhaps? Download Tenable Podcast Episode 93
Welcome to the Tenable Network Security Podcast - Episode 92 Hosts: Paul Asadoorian, Product Evangelist Ron Gula, CEO/CTO Carlos Perez, Lead Vulnerability Researcher Announcements Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest two videos are updates to older videos and cover basic vulnerability scanning and local patch auditing using Nessus. We're hiring! - Visit the Tenable web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more! Stories SILENT BUG IS SILENT. - A seemingly well-known bug in Internet Explorer, which allows for privilege escalation within IE itself, has been silently fixed. The bug allows processes in low integrity mode to execute processes in medium integrity mode. A remote exploit in IE is required to take advantage of this flaw, which has been patched. Blow Your Own Horn - This article describes a series of talks in which the presenter was to offer situations in information security where they "won". An elevator speech if you will, and one such example was this: "Last year you (the Board) approved purchase of a $50,000 license fee for AV software on the email server. This past month, records show it stopped 1 million viruses, which would otherwise have gotten through. Had they been run, they would have cost $500 each (estimated industry average) to clean up. Therefore, your prescient decision to spend $50,000 has returned $500,000,000 to the company." Is that a "win" or an example of socially engineering management? Anonymous hacks BART, creating even more innocent victims - Anonymous hacks San Francisco's BART (Bay Area Rapid Transit) system. 
"They performed a SQL injection (SQLi) attack against the site and were able to extract more than 2,000 records containing names, usernames, passwords (plain text), emails, phone numbers, addresses and zip codes." Begs the question, what are the motives of Anonymous? Do they wish to expose user data to hurt the users themselves, hurt the target organization to make an example, or are they funded by organizations for political or capital gain? I'm not sure what is to gain by attacking this system, but certainly begs the question. XSS on eBay's site - The problem seems to crop up in eBay's sub-domains, which could mean that the main eBay site gets all of the attention, leaving the sub-domains vulnerable to easy find and fix XSS vulnerabilities. Device finds child porn on WiFi - It's refreshing to see technology being used for good, rather than evil. A recent example is Fluke Networks Aircheck WiFi device that can detect child pornography on open and encrypted WiFi networks. Also: "This device can also be used against identity theft, Internet stalking and even online phishing scams." Nice, I wonder if it does in fact break the encryption on WiFi networks if permission, e.g. a warrant, is required? Microsoft patches 1990s-era 'Ping of Death' - Microsoft released MS11-064, which fixed the infamous "Ping Of Death" vulnerability in the Windows TCP/IP stack. "...appeared that today's "Ping of Death" bug was a different vulnerability than Microsoft patched in its now-ancient OSes of the 1990s. The bug exists in Windows Vista, Server 2008, Windows 7 and Server 2008 R2, Microsoft said, but not in Windows XP or Server 2003. Others were less concerned with the new Ping of Death problem. "It's definitely an old-school kind of attack," said Sarwate of Qualys. 
"But if it is exploited, I think it would be more on the prank side."" Defcon: VoIP makes a good platform for controlling Botnets - This is one of the most interesting Botnet command and control channel implementations I've seen in some time. Using "MoshiMoshi", open-source software that converts DTMF tones to bits and bytes, they can use it to communicate with the bots. This is difficult to detect, as VoIP networks are typically separate and often not monitored for this type of communications. However, if you were to look closely at the session data, you may be able to pick up on anomalies such as long sessions, or in this case long phone calls or phone calls with specific patterns. Download Tenable Podcast Episode 92
Welcome to the Tenable Network Security Podcast - Episode 90 Hosts: Paul Asadoorian, Product Evangelist Ron Gula, CEO/CTO Carlos Perez, Lead Vulnerability Researcher Jack Daniel, Product Manager Announcements Several new blog posts have been published this week, including: Security, Log Management & Burying Stumps Enabling Nessus on BackTrack 5 - The Official Guide Microsoft Patch Tuesday Roundup - July 2011 LCE WMI Monitor Agent 3.6.0 Now Available Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest two videos are updates to older videos and cover basic vulnerability scanning and local patch checking using Nessus. We're hiring! - Visit the Tenable web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more! Stories Could hackers set fire to your Apple battery with a virus? - Hiding in battery firmware is a really neat way to plant a backdoor. US-CERT Director Leaves Abruptly - Could it be that the latest string of attacks against government agencies was too much for the director of US-CERT? Bypassing Software Restriction Polices.. With one Wicked Clown - Breaking out of software restrictions gives you access to more Windows commands to compromise the domain. Massive botnet 'indestructible,' say researchers - Using encryption and P2P technologies is not new, neither is hiding in the boot sector, what makes "TDL-4" indestructible? Is your IT support making you vulnerable to hackers? - Allowing easy remote access doesn't always equate to security. This also reminds me of how easy it is to socially engineer the help desk. 
Pfizer’s Facebook hacked in AntiSec hit - This is truly a measure of how important social media has become, when a major company's Facebook page getting hacked is major news. wifuzz: A Access Point 802.11 Stack Fuzzer! - Compromising the access point is far more evil than most people believe, and this tool allows you to fuzz the 802.11 stack to do just that: take over the access point. What would be even better is to compromise an entire string of access points... Weekend Project: Use HoneyD on Linux to Fool Attackers - I want to see more people using honeypots and honeynets to put context around security events. We need to break the stereotype of "Honeypots are systems that we let attackers break into", and move it towards: "Honeypots are systems that we use to collect information about the bad guys". Apple Releases iOS 5 Beta 4 With Over-the-Air Updates - Finally! While iOS may look far better security-wise than Android, largely due to the closed application market, few non-techies apply software updates to their phones. Hopefully doing it "over-the-air" will help make it easier for people to apply updates and security fixes. Download Tenable Podcast Episode 90
Welcome to the Tenable Network Security Podcast - Episode 89 Hosts: Paul Asadoorian, Product Evangelist Ron Gula, CEO/CTO Carlos Perez, Lead Vulnerability Researcher Jack Daniel, Product Manager Announcements Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest two videos are updates to older videos and cover basic vulnerability scanning and local patch checking using Nessus. We're hiring! - Visit the Tenable web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more! Stories Facebook blocks a second contact export tool - Information, in the right context, can be quite powerful and expose your privacy. Facebook recently blocked Google+ from exporting your list of Facebook friends' names (not email addresses). When you put this in the context of attacks, knowing the names of someone's friends on Facebook could be quite valuable for social engineering. Space Shuttle: good riddance - I won't pretend to know the details of the space program, but Robert Graham does a nice job of relating it to information security. The problem is preservation and complexity. In the Space Program model, they implemented the preservation and re-use model, trying to re-use as many parts as possible. However, this makes things much more complex. We tend to do the same thing with security and information technology. I hope that we are seeing a shift from permanent client desktop computers and servers, to "throwaway" workstations and virtualization. The simpler you make the environment, the easier it is to implement security. For example, if client desktops can be re-imaged quickly, that's a huge advantage. 
Microsoft to fix critical vulnerability in Windows 7 and Vista - More critical vulnerabilities to patch, including a remotely exploitable hole that affects Windows Vista and 7. Jailbreakme Takes Advantage of 0-day PDF Vuln in Apple iOS Devices - The security of your phone is increasingly more important. I was talking to some folks yesterday and they were talking about how your phone will be the only thing you carry. It will replace your wallet, serve as your connection to the Internet for email/web, and allow you to communicate (if it's with anyone under the age of 30 it will be text messaging). The security of this platform is important, and even more so allowing the users to operate them securely, which right now is difficult. Abusing Password Resets - Simple things, such as building in account lockouts and generic login failure messages, go a long way to protecting your web application. Of course, you should also be able to easily detect and respond to brute force attempts as they are pretty "noisy". Cisco VPN Client Unsafe Permissions Lets Local Users Gain Elevated Privileges - Making it difficult for attackers to escalate privileges on your systems is important to your defensive strategy. I have run into systems that are secured in this way, and it can go a long way to protecting your information. It forces the attacker to leave a larger fingerprint when multiple attempts fail. However, it's not an easy thing to accomplish as it only takes one client software program to have a bug in order to circumvent your security. Download Tenable Podcast Episode 89
Welcome to the Tenable Network Security Podcast - Episode 88 Hosts: Paul Asadoorian, Product Evangelist Announcements Two new blog posts have been published to the Tenable Blog: Making It Easier To Perform Credentialed Scanning & Auditing Advanced Vulnerability Scanning Using Nessus Course Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest two videos are updates to older videos and cover basic vulnerability scanning and local patch checking using Nessus. We're hiring! - Visit the Tenable web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more! Interview: Jesse Kornblum Jesse Kornblum is a Computer Forensics Research Guru with the Kyrus Technology corporation (yes, that's his official title). Jesse joins us to talk about computer forensics and current events, including: Various utilities Jesse has written over the years to aid with computer forensics. A new tool called "Carbon Black" which "monitors key points on the operating system and gathers data that is useful to intrusion responders and system administrators for security and compliance functions." Download Tenable Podcast Episode 88
Welcome to the Tenable Network Security Podcast - Episode 85 Hosts: Paul Asadoorian, Product Evangelist, Ron Gula, CEO/CTO, Carlos Perez, Lead Vulnerability Researcher Announcements Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest two videos are updates to older videos and cover basic vulnerability scanning and local patch checking using Nessus. We're hiring! - Visit the Tenable web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more! Stories RSA finally comes clean: SecurID is compromised - It turns out to be true: attackers possess the seed values for the tokens and the encryption algorithm is already public. RSA says they withheld the information because they did not want to tell attackers how to implement attacks, but it turns out evil bad guys figured it out and used it to attack Lockheed Martin. RSA will now replace all 40 million+ SecurID tokens worldwide. Ouch. This is a breach that cost RSA dearly, in terms of money and reputation. Detecting New Hardware by Ethernet Address - Detecting new hosts that have connected to your network can provide some interesting events to analyze. For example, if all of a sudden you have 30 new hosts on your servers' subnet, there may be something wrong, such as one host impersonating multiple systems or other layer 2 attacks. Chinese army: We really need to get into cyber warfare - I believe China gets blamed for a lot of attacks, both "cyber" and real-world. I also believe they are putting massive efforts into "cyber warfare"; whatever that means to you, they are most certainly directing attention to techniques that use computers and networks as a part of "warfare". 
They claim to be much farther behind than most believe, stating "Just as nuclear warfare was the strategic war of the industrial era, cyber-warfare has become the strategic war of the information era, and this has become a form of battle that is massively destructive and concerns the life and death of nations." Apple iOS: Why it's the most secure OS, period - Their reasons are far over-stated, almost as if Apple wrote this article themselves! They list five reasons why iOS is more secure than most desktop applications, and they are less than compelling (in my opinion anyhow): A sandbox isolates programs and iOS's memory - Okay, this may be the one thing that actually does contribute to a more secure platform. However, desktop operating systems have had similar protections (DEP, ASLR) for quite some time now. It's clear that mobile platforms are still playing catch up. Applications are vetted by Apple - Apple must have some serious resources dedicated to reviewing code. Even so, there is a fundamental problem with this: once an application is vetted, the code can change and updates to apps will modify the function of the app. For example, a perfectly legitimate Flashlight app may allow tethering. Sure, Apple may find it, but only after thousands of people install it. And really, how do you control what 425,000 apps are doing? Patches can be quickly applied - While patches can be released, there is nothing forcing the user to apply them. In fact, many people report that "non-techie" iPhone users never apply iOS updates, or even plug the phone into the computer. The software is regularly reviewed - Review all you want, there will still be vulnerabilities. Attackers still target smartphones far less than desktop systems - This has to be the most ridiculous part of the article. It's like saying, "No one breaks into the homes in my neighborhood, so I leave my doors unlocked and windows open". So why are senior U.S. officials using Gmail? 
- Turns out this problem is twofold: 1) many government agencies are moving to Gmail as their email platform and 2) many people keep two email accounts, one for corporate/government use and one for personal stuff. The problem with the latter is that people forward "work" emails to their personal accounts. I hate to say it, but I will say it anyway: sometimes PGP is the answer. Now, that only solves part of the problem, but it certainly helps. 8 security considerations for IPv6 deployment - I want to address just one statement in this article (which is a great article, so you should read the whole thing): Many users may be obscured behind fixed sets of addresses. Obscuring users behind large network address translation protocol translation (NAT-PT) devices could break useful functions like geolocation or tools that enable attribution of malicious network behaviors, and make number and namespace reputation-based security controls more problematic. I believe there is something to be said for not giving all your systems routable IP address space on the Internet. It makes attacking those systems just a little bit harder. I also don't believe that NAT is that difficult to implement, nor is it that tough to keep documentation of IP address mappings. I've seen large environments go from internal to external and vice versa, and the results when everyone has a routable IP address are not good. vCash, Crypto, and Anonymization Equals Drugs to Your Door - A new form of currency is being created called "bitcoins". It's a new digital currency, and some say it could undermine real currency and be used to buy illegal goods and services. MS Web Application Configuration Analyzer - The rule checks were determined by Microsoft's own Information Security & Risk Management review team, whose job it is to harden pre-production and production servers within Microsoft. These checks are now being shared with the public. We often get hung up on firewalls, WAFs, IPS, IDS, and anti-virus. 
I'd like to see all of us get back to basics and ask ourselves the question: "Are my systems configured properly?" as I believe this goes so much further than "stop-gap" protections. Worm uses built-in DHCP server to spread - It then scans for available addresses on that network and launches its own DHCP server. When another machine on the LAN makes a DHCP request, it attempts to answer before the legitimate DHCP server, sending an IP address from the pool of previously gathered addresses, the gateway address as configured on the infected system and, for DNS, the IP address of the criminals' maliciously configured DNS server. It's nice, or rather not-so-nice, to see this attack being automated in common malware. It's an attack that most penetration testers have used for years, and many have defended against in the past. However, it has always been a localized one-off type of attack. Now it's embedded inside malware so you better be able to detect and defend against it. I once knew of folks configuring their switches to detect so-called "rogue DHCP servers". Logging Isn't Hard -- Getting Started Is - Considering how ridiculously low-cost hard drive storage is, there's no reason why the smallest SMB can't set up a server with a 1- to 2-terabyte hard drive to serve as central collection point. I couldn't agree more. My first SIEM was a Linux server with as much disk space as I could afford. It ran syslog and I pointed logs from as many devices and systems as I could at it, and then used sed/awk/grep to find events of interest. Of course, there are better solutions that exist today, but if you can get started on the cheap, then you have a better chance of showing management the benefits and getting something with more features. 
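The two stories above meet in one practical check, shown here as an added example that is not part of the original show notes: with client logs collected on a central syslog host, a few lines of awk can flag any DHCP server that answers clients but is not on the approved list. The log lines are constructed samples in the style of ISC dhclient messages, and the function names and the approved server address 10.0.0.1 are assumptions for illustration.

```shell
#!/bin/sh
# Added example: find DHCP servers that replied to clients but are not approved,
# using dhclient messages gathered on a central syslog server.

# Constructed sample of centrally collected syslog lines (not real data).
sample_log() {
cat <<'EOF'
Jun  7 09:58:11 ws01 dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
Jun  7 09:58:12 ws01 dhclient: DHCPOFFER from 10.0.0.1
Jun  7 09:58:12 ws01 dhclient: DHCPACK from 10.0.0.1
Jun  7 10:14:40 ws07 dhclient: DHCPOFFER from 10.0.0.66
Jun  7 10:14:40 ws07 dhclient: DHCPACK from 10.0.0.66
Jun  7 10:15:02 ws09 dhclient: DHCPOFFER of 10.0.0.123 from 10.0.0.66
Jun  7 10:15:03 ws09 dhclient: DHCPACK of 10.0.0.123 from 10.0.0.1
Jun  7 10:20:31 ws07 sshd[811]: Accepted publickey for admin from 10.0.0.5 port 50022 ssh2
Jun  7 10:31:47 ws03 dhclient: DHCPACK from 10.0.0.66
EOF
}

# Usage: find_rogue_dhcp "approved_ip1 approved_ip2 ..." < syslog
# Prints one line per unapproved server: address, number of replies,
# number of distinct clients, first-seen timestamp and the client list.
find_rogue_dhcp() {
    awk -v allow="$1" '
    BEGIN {
        # Build the allow-list of legitimate DHCP servers.
        n = split(allow, a, /[ ,]+/)
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    # Only server replies matter; DISCOVER and REQUEST come from the client.
    $5 ~ /^dhclient(\[[0-9]+\])?:$/ && ($6 == "DHCPOFFER" || $6 == "DHCPACK") {
        # The server address follows "from" in both message styles:
        # "DHCPACK from <server>" and "DHCPACK of <lease> from <server>".
        srv = ""
        for (i = 7; i < NF; i++) if ($i == "from") srv = $(i + 1)
        if (srv == "" || (srv in ok)) next
        if (!(srv in first)) {
            first[srv] = $1 " " $2 " " $3
            order[++m] = srv
        }
        replies[srv]++
        # Count each affected client host once per server.
        if (!((srv, $4) in seen)) {
            seen[srv, $4] = 1
            clients[srv] = clients[srv] (clients[srv] == "" ? "" : ",") $4
            nclients[srv]++
        }
    }
    END {
        for (i = 1; i <= m; i++) {
            s = order[i]
            printf "%s replies=%d clients=%d first_seen=\"%s\" hosts=%s\n", s, replies[s], nclients[s], first[s], clients[s]
        }
    }'
}

# Stand-alone run against the constructed sample.
sample_log | find_rogue_dhcp "10.0.0.1"
```

The client list in the output is the set of machines that took a lease from the unapproved server, which is where to check the DNS settings that server handed out.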
Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series - security vulnerabilities database - Cisco Unified IP Phones 7900 Series devices are affected by a signature verification bypass vulnerability that could allow an authenticated attacker to load a software image without verification of its signature. This vulnerability allows an attacker to upload new firmware to the phone. This can be a very stealthy form of eavesdropping. Who's going to know that one of their phones is compromised? Download Tenable Podcast Episode 85
Welcome to the Tenable Network Security Podcast - Episode 65 Hosts: Paul Asadoorian, Product Evangelist & Carlos Perez, Lead Vulnerability Researcher Announcements Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials, including the new 3D Tool Beta. We're hiring! - Visit the Tenable web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more! Stories Nessus Viewer v1.0.0 released - The web site states: "Nessus Viewer enables IT Security auditors and penetration testers to quickly navigate inside Nessus reports by sorting and filtering each entry. It is able to import Nessus XML v2 reports and filter them by IP, host name, plugin name, operating system, keywords… It can also parse plugin outputs to extract and build clickable lists of web servers, Windows users, missing patches and much more." I think it's great to see a tool like this to help people with Nessus data in specific cases. Hacking your car for fun and profit - Researchers make an interesting statement about the various control systems in your car: they are plugged into a hub network, not a switch. This means there is no separation between systems, so if you gain access to the car, you gain access to all systems, including safety, brakes, etc. This is not a huge problem for now because cars are not connected to the Internet. Oh wait, enter the Chevy Volt, the first car to have an IP address (so I am told). Internet ID For All Americans - "Possible methods of creating a ‘trusted identity’ could include issuing a ‘smart card’ or digital certificates that would prove that online users are who they say they are. They could then be used to buy goods and carry out financial transactions on the Internet." 
We're Running Out Of IPv4 Address Space! - Seems that I hear this every year, that this will be the year when we run out of IP addresses. They always point to the fact that all kinds of devices, such as TVs, Blu-ray players, TiVos, alarm clocks, and toasters will have an IP address. I have to say, I have a lot of devices on my home network. I love technology and get my hands on as much network-connected stuff as possible. I have a private subnet that can address 253 devices. I could use a Class A if I wanted to, and I still only need one public IP address. So, I fail to see the rush to IPv6, which I am pretty sure will not solve the security problem, but create more problems as people find more problems with IPv6 security. Researcher Develops Password Hacking Software for Wi-Fi Networks Using Amazon Web Services - Don't get me wrong, I think this is a very useful way to attack WPA-PSK. Using "the cloud" to brute-force passwords has lowered the security of the password even further (if that was at all possible). However, is the defense against this attack simply to generate a random 16 character string and use that as a password? Of course, this is not user-friendly, so people tend to choose weaker keys. In the end, we are exploiting the human, not the technology. Final Fifteen - Web Hacking Techniques - There are some really cool techniques in this list. I strongly suggest to our listeners that you review this list and learn about all of these techniques. Download Tenable Podcast Episode 65
Welcome to the Tenable Network Security Podcast - Episode 64 Hosts: Paul Asadoorian, Product Evangelist, Ron Gula, CEO/CTO Announcements Several new blog posts have been published this week, including: Log Correlation Engine 3.6 – Now with its own GUI SSL Certificate Authority Auditing with Nessus SecurityCenter 4 Receives FDCC and SCAP Validated Tool Certification 3D Tool beta Video Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials, including the new 3D Tool Beta. We're hiring! - Visit the Tenable web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more! Stories A router that runs the Tor software prevents Web tracking - While off-loading your Tor traffic routing and encryption to your home router may sound appealing, Tor comes with its own set of caveats. For example, how can you be certain the Tor exit node you are using is not operated by someone with malicious intent? For general web browsing it can be problematic, as the exit node you go through may be in another country with restrictions on content that can be viewed. Tor does a great job of providing anonymity; however, use caution when sending your data over this network as someone could be listening. Breaking GSM Using a $15 Phone - This is the same thing as Wifi. In the beginning, it was really expensive to eavesdrop on Wifi. So, people implemented no security. Then more people sniffed Wifi, so they came up with WEP. WEP was easily broken, and the cost of Wifi sniffing plummeted. So they came up with WPA. The problem is that people still THINK Wifi is secure, when it's really not. GSM seems to be going through a very similar evolution. Wikileaks Targets - Interesting little rumbling of Wikileaks having information on Bank Of America. 
Recent reports are stating this is not untrue. My fear is that even speculation could be damaging. thicknet: starting wars and funny hats - This has to be one of the best blog posts I've read in quite some time (aside from any of Ron's posts of course). The concept is pretty simple, it's like you're cutting in at a dance and stealing the homecoming queen, but with technology. Using TCP, some Perl scripts, and MiTM, you can steal sessions and do whatever you want with them. Why wait for sensitive data to be passed? Just steal the session, send a query/request for sensitive data, and be done. I really love this technique. 2011 Predictions - This section left blank intentionally. No seriously, as a general rule of thumb I don't make predictions. They tend to be not based on fact and not really all that helpful. It is fun to speculate, but take it for what it's worth, speculation. However, we can tell you about some of the things that Tenable is working on for 2011. Download Tenable Podcast Episode 64
Welcome to the Tenable Network Security Podcast - Episode 63 Hosts: Paul Asadoorian, Product Evangelist & Carlos Perez, Lead Vulnerability Research Engineer Announcements Several new blog posts have been published this week, including: Microsoft Patch Tuesday Roundup - December 2010 - "Bad Santa" Edition Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials, including the new 3D Tool Beta. We're hiring! - Visit the Tenable web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more! Stories Cisco IOS Hacking Information - Everything from protocol attacks, remote exploitation and forensics is covered in this handy little page from the folks over at "Recurity" (Home of "FX", famed printer and router hacker). I believe people have lost sight of Cisco IOS security. Cisco devices need to be locked down and secured even more than most of your computers and workstations, yet security is almost an afterthought after availability, scalability, and cost. JavaScript Portscanner Using HTML5 - This is a neat little extension. Little Black Box - Kind of a little black book, but for SSL! Several applications and devices come with privately generated SSL keys. This tool stores all the ones they could find and allows you to use them for MiTM and decrypting traffic. Brilliant! Using Powershell To Bypass Windows Protections - Each month Microsoft says that users with less privileges are less susceptible to attacks because they are not running as Administrator. Each week I read about a new privilege escalation attack, such as this one that uses Windows Powershell to overcome restrictions placed on the "sa" account associated with MSSQL. Watch Out For Exim - Nice write-up from Ron Bowes on the Exim vulnerability. 
We've released a Nessus plugin to check for it. HP StorageWorks P2000 G3 MSA hardcoded user - This is just so fitting to be my last story of the year for the podcast. It shows just how bad the fail is when it comes to embedded devices. Download Tenable Podcast Episode 63
Welcome to the Tenable Network Security Podcast - Episode 62 Hosts: Paul Asadoorian, Product Evangelist Announcements Several new blog posts have been published this week, including: Using Nessus For Host Discovery If an exploit falls in the forest, does anyone hear it being patched? Don't forget to sign up for Advanced SIEM Webinar Series - November through December Be certain to check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials, including the new Nessus Perimeter scanning service. We're hiring! - Visit the web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more! Stories SQLi Cheat Sheet - It amazes me just how many different ways of doing the same thing are built into our technologies. This exists in almost every programming language; there have always been multiple ways to write different code that accomplishes the same goals. Unfortunately, attackers use this to their advantage to evade filters. This one just happens to be for SQLi, and if you are a penetration tester this is a handy reference. However, if an attacker is trying to exploit this against live systems, you should be able to detect these attempts. Also, if an attacker can run these tests offline in an environment mirroring what the target has in production, you can be very successful. To combat this threat I want to stress really securing your environment, which means plugging all those information leaks that seem to be all too common in web applications. j0llydmper - Attackers will use any means necessary to collect sensitive information. This includes the program j0llydmper, which runs as a Windows service and dumps selected files from USB drives to a select location on the disk for easy recovery. 
I believe it's going to be tough to identify malware in the coming years, as it will likely try to do things that are normal, like copying files and not doing things like writing registry entries, etc. BeEF - Browser Exploitation Framework Updated - BeEF is becoming one of the more dangerous penetration testing tools out there. It's nice to see it gain momentum and get updated, as it can really put context around web application attacks such as XSS. For me, it seems logical, as it quite easily evades firewalls, antivirus, patching, IDS and several other technologies. When I speak to people about defense, still to this day, many do not completely understand the attack vector, let alone tune their networks to detect and prevent browser-based attacks. Josh Wright has one of the most enlightening quotes that was posted on the PaulDotCom Mailing list: "I owned the network with a HSRP MITM attack, followed by Ettercap+etterfilter injection to serve up malicious PDFs in 1x1 iframes". This is a great example of how attackers are able to be successful, and as far as defense goes, it's not an easy answer. Abusing Open Web Proxies - It's weeks like this that just make me want to cry when I think about defense. The scary part is, open web proxies have been around since the beginning of time (er, "The Internet" anyhow). Attackers are using anonymous, stealthy proxies to do things like brute force login and password combinations for popular web sites. One could also use these proxies to attack web sites anonymously, giving protection mechanisms such as IDS, IPS and WAFs a run for their money. I think it boils down to: you have to have a web site that is hardened to the max to survive in today's Internet. Military Bans Removable Media To Curb Leaks - While this may seem logical, it's difficult to enforce. You can hide a USB thumb drive just about anywhere (pause for laughter). 
If you can control the computers, you can physically disable the USB ports, which forces someone to bring in their own computer to steal information. Gawker web site CMS and database compromised - 1.3 million users' account information has been stolen and published via Bittorrent. How did this happen? Your guess is as good as mine, and it looks like someone is in need of some application security. Tenable Podcast Episode 62 Direct Download
Welcome to the Tenable Network Security Podcast - Episode 61 Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst Announcements Don't forget to sign up for Advanced SIEM Webinar Series - November through December Be certain to check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials, including the new Nessus Perimeter scanning service. We're hiring! - Visit the web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more! Stories Metasploit Meterpreter scripts for privilege escalation - Every month Microsoft releases the security bulletins, and many of the remote exploit threats are described as somewhat "mitigated" if the user is not running as an administrator. I believe that techniques, such as the ones presented in this post, are reasons why we all need to re-adjust our perception of risk as escalation of privilege is now commonplace. For example, a new Metasploit module was released that will "...interactively send keystrokes to an open application window using the vbscript SendKeys method. Can be used to escalate privileges into RunAs-invoked command shells on XP." Nice... Packet Payloads, Encryption, and Bacon - Great post on how to analyze a packet dump to determine if the data is encrypted; multiple techniques are presented. It's always a good idea to make sure that if you expect data to be encrypted, at some point you sniff the traffic and check it! There are no more internal applications - I think a great point to add to this would be that if you give your users access to the Internet, you shouldn't use the word "internal" in the context of security and risk. 
D-Link DIR Series routers authentication bypass - Here's a great example of a vulnerability that will largely go unnoticed, but in the right (or wrong) hands could lead to compromise. Through a PHP script in the admin interface, the admin username and password could be changed. Identification of these routers is not difficult, as I discussed in my recent embedded hacking talk. An attacker could place code on any web site that changes the admin password and enables remote administration of the device and gain access to people's routers. So far, models D-Link DIR-300, DIR-320, DIR-600 and DIR-615 are confirmed as vulnerable. Software patches have been released, but who applies them anyway? Malware Encrypts Hard drive, demands ransom - Remember when 99% of all viruses would infect the boot sector and destroy your computer? Fast forward to today and your hard drive gets encrypted, then the malware demands payment and ransom. Actually, I wish more malware would do this. I think it's really a wake-up call for security as it puts the user in quite the predicament! Know what's on your network - I ask this of you: if someone installed a device on your network, would you know? In most cases if someone put an embedded system on the network, you could detect it. However, if it was firewalled off properly and simply sniffed traffic and conducted passive attacks, this could get tricky. I've always theorized that trojaned hardware could bypass most people's security, and most believe it to be an urban myth. It would require physical access, but have a high degree of success. Download Tenable Podcast Episode 61
Welcome to the Tenable Network Security Podcast - Episode 60 Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst Announcements A new blog post has been published this week: Scanning For Default & Common Credentials Using Nessus Don't forget to sign up for Advanced SIEM Webinar Series - November through December Be certain to check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. We're hiring! - Visit the web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more! Stories SSL: the sites which don't want to protect their users - With it being "Cyber Monday", I thought this post was timely. Whacking Moles - It's neat that defenders still like to play the process "whacking" game, even though you can execute everything in memory using an already existing process. It does make for fun command line kung fu though, which I still think is handy if you are a systems administrator. Windows "0-Day" Flaw Bypasses UAC - There are many users who believe either one of two things about UAC: 1) "Wow, this really helps me be secure!" or 2) "Wow, this is annoying, turning it off now". In either case, the user is in a bad situation. Believing that something can keep you secure often leads to a quick downfall. You're Only As Secure As Your DNS Servers - As Secunia found out, you should have some pretty tight security around your DNS server, especially if you run a service where users can scan their PCs for outdated software. Wow, wouldn't that be a neat database for an attacker to get their hands on! Apple iOS Networking Packet Filter Rule Invalid Pointer Access Local Privilege Escalation - Remote attacks against iPhones would be bad as they are easy to identify on the network. 
You could even target just AT&T address space. ZeuS variant only infects super-fast PCs - Malware authors are looking to evade detection and analysis, rather than just harness computing power. Even a bunch of slow PCs can do a lot of "evil bidding". Download Tenable Podcast Episode 60
Welcome to the Tenable Network Security Podcast - Episode 59 Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst Special Guest: Carlos Perez, Lead Vulnerability Research Engineer Announcements Don't forget to sign up for Advanced SIEM Webinar Series - November through December Be certain to check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. We're hiring! - Visit the web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more! Stories Nessus Plugin 50658: Stuxnet Detection (uncredentialed check) - Stuxnet has been one of the most talked about pieces of malware this year. Nessus can now detect Stuxnet on the network! Passwords Are Not Safe - Each week I keep seeing more powerful GPUs, cheaper prices on the hardware, and more software becoming available for intense password cracking. You could build a machine with multiple CPUs, tons of RAM, and multiple GPU cards for well under $5,000 and crack passwords at lightning speed. I think we need to move beyond passwords and require another form of authentication in addition to the password. This seems so simple, why don't we do it? "That's Too Hard" - We've all heard it before, the "that's too hard" excuse when it comes to information security. A much better excuse is "That doesn't align with our business goals or acceptable risk levels". Dave outlines several common areas where the "it's too hard" excuse comes in, such as application whitelisting, secure coding, and outbound network ACLs and filtering. He also mentions the "cowboy culture in IT". I agree, some administrators are too quick to pull the trigger and change management can help. 
However, I've been in a situation where I had to jump in and "save the day" (capes may have even been involved) and my entire group was labeled as "cowboys". This really hurt our reputation in the organization and made things difficult for us for quite some time. Be careful with change management and cowboys, because it is a double-edged sword. On Security Conference Themes: Offense *Versus* Defense – Or, Can You Code? - I agree, offense is sexy, it's definable, and it's demonstrable. However, what about defense? Many security conferences are filled with talks about the latest and greatest ways in which to penetrate systems. That's great, and don't get me wrong, I love talking about offense. However, defense is important, except it's not as sexy, not as definable (well, at least it's different for each person/organization), and it's not as demonstrable. One of the things I will be working on in the next few months: making defense sexy. Nessus Parsing 101 - This is a great little write-up that shows you how to implement some Bash scripts to do basic parsing of NBE files. While I use many different methods to parse, sort and create reports from Nessus results, sometimes a quick and dirty Bash command is the best method, and this tutorial does a nice job! Download Tenable Podcast Episode 59
Welcome to the Tenable Network Security Podcast - Episode 58 Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst Announcements Several new blog posts have been published this week, including: Advanced SIEM Webinar Series - November through December Nessus 4.4 Introduction Webinar - November 17th 1:00PM EST Nessus 4.4.0 Released! Microsoft Patch Tuesday Roundup - November 2010 - "Stuck In The Mud" Edition Advanced Web Application Scanning Using Nessus Video Be certain to check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. We're hiring! - Visit the web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more! News Stories & Articles 4 Reasons Why You Should Upgrade To Nessus 4.4.0 (Digital Bond) - Nice post from the folks over at Digital Bond! It outlines some of the major new features and some (like the ability to cipher the Nessus data) that you may have missed. Of course the big feature is scheduling! New Google Hacking Database Being Hosted and Maintained by Exploit-DB - So glad to see this back! GHDB has been a great source of information for identifying exposed information indexed by Google. The new interface is slick and there is a description of each "Dork" with a direct link to execute that search. This may be a good time to review your robots.txt entries. Can't we all just use the same WPA-PSK and be safe? - No, and no, and oh wait, a thousand times NO. On a WPA-PSK network everyone shares the key, and this means everyone can eavesdrop on each other. Nice job of this article pointing out flaws in another article that was suggesting we all agree on a WPA-PSK value, such as "free", to protect ourselves from Firesheep! 
How to secure your centos - I just have to say, this is a great web site with lots of useful tips on hardening CentOS. I've really been liking CentOS lately, and as Debian frustrates me even more, I am gravitating towards CentOS for my Linux server deployments. Also, Tenable's enterprise products have excellent coverage for CentOS. All-In-One ATM Skimmers - This article outlines some of the features sought after by ATM card skimmers, who stand to make some decent money. However, they do have to physically visit the machine if they are using this device. Brian Krebs does a lot of great work in the area of uncovering how the bad guys are operating. I think it's important for us to understand physical security and how it interacts with data security. Searching for Sensitive Data Using URL Shorteners - Ever wonder what type of URLs people shorten? Well, the author of this post did and wrote a script to pull shortened URLs, and to no one's surprise, found sensitive information and other interesting things. Direct Download for Episode 58
Welcome to the Tenable Network Security Podcast - Episode 57 Hosts: Paul Asadoorian, Product Evangelist Announcements Be certain to check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. We're hiring! - Visit the web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more! Interview with Dennis Brown "Dennis Brown is a research engineer for Tenable Network Security. He specializes in malware analysis with a penchant for botnet research. Dennis has spoken previously at Defcon 18, Toorcon 10 and 11 and on the PaulDotCom security podcast. He also organizes the DC401 hacker group in Rhode Island and the QuahogCon security conference." Dennis recently gave a presentation titled "Resilient Botnet Command and Control with Tor" at HiTB Malaysia and Toorcon 13. Dennis and I discussed the following topics: I was working for a University when Tor first became popular. This presented many challenges: students were using it to evade detection by the RIAA/MPAA, attackers were using it to launch attacks against us, and I even encountered a few Tor exit nodes in my time. How has the Tor network evolved over time? Which botnets have been observed in the wild using Tor? What is a private Tor network? How do you build a private Tor network? Is it easy? How does using Tor affect speed? Does this impact the botnet, and how so? What is an HTTP hidden service? Tor3web proxy? How does this all work to mask the botnet's command and control channel? I always thought that encryption would be the end of the good guys' fight against malware, but largely that has turned out not to be true, or has it? 
It seems that masking the command and control channel produces the highest rate of success for a botnet; how does Tor help the bad guys accomplish this? How can we detect botnets using Tor? Direct Download Link - Episode 57
Welcome to the Tenable Network Security Podcast - Episode 56 Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst Announcements Several new blog posts have been published this week, including: Plugin Spotlight: D-Link DCC Protocol Security Bypass Integrating Nikto with Nessus Video Be certain to check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. We're hiring! - Visit the web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more! Stories SCADA Vendors Still Need Security Wake Up Call - Security researcher and member of the Tenable Research Team Jeremy Brown brings light to vulnerabilities in SCADA systems. I have been observing this behavior from vendors for quite some time (and not just in SCADA) and that is they don't want to admit there is a problem. You can look at this two ways: if I want to take over the world and cause mass hysteria and carnage, I could write exploits for control systems and take them over. Then again, finding a 0-day vulnerability in Windows XP and writing an exploit for it could have the same results. However, the general "feeling" I get from SCADA vendors is they are very distant from the security culture and processes. This has to change. Cross-platform malware runs on Windows, Mac and Linux - This malware pretends to show you a video; it turns out it's a slide show from "Hot or Not" and in the background the malware installs a Java applet, asks you to trust it, and if you click "Allow" it downloads files to your computer and runs them. This is a very scary technique that has been most effective, both for penetration testers and evil bad guys alike. 
iPhone, meet Wireshark - Capturing Traffic from Mobile Devices - You could really do this with any mobile phone. It could be fun to open multiple applications and see what data they are sending and receiving, and identify if encryption is or isn't being used. BIOS Password Backdoors in Laptops - It really amazes me how vendors can just forget about security completely. According to this article, if you enter an incorrect BIOS password 3 times most systems will display a warning message that says "System Disabled" along with a checksum value. The checksum value can then be used to derive the real password via cracking methods published in several scripts released by the author. Evilgrade gets an upgrade - There are now 63 modules in the Evilgrade framework, allowing attackers to intercept the update process of several popular applications and install software of their choosing. You do need to be "in the middle" to make this attack happen, however it can easily bypass antivirus and give you access to fully patched systems, or even turn a fully patched system into a not-so-fully-patched-system. [Insert Token Adobe Zero Day Vulnerability Warning Here] - End of message. No, seriously, there are more flaws being found in Adobe products, including Flash and Reader. My only suggestion is to take a look at FX's presentation from Black Hat 2010 called "Countering Flash Exploits". The overview is that they are working on software that looks at what an application does, such as Flash or a PDF document, then rewrites it, allowing only the functions that are being implemented. Think of it as a sandbox that is customized for every document and application. This technology has a good chance of creating a more secure computing environment for many. Download Tenable Podcast Episode 56
Welcome to the Tenable Network Security Podcast - Episode 55 Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst Announcements Several new blog posts have been published this week, including: Risky Business #173 Interview with Ron Gula - Process Accounting and El Jefe Deloitte Names Tenable as one of America’s Fastest Growing Companies - Again! Nessus Reaches Plugin 50000 Integrating Hydra with Nessus Video Be certain to check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. We're hiring! - Visit the web site for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more! Stories Joomla! - Is one software more secure than another? Ninja: A Privilege Escalation Detection and Prevention System! - "Ninja is a privilege escalation detection and prevention system for GNU/Linux hosts. While running, it will monitor process activity on the local host, and keep track of all processes running as root. If a process is spawned with UID or GID zero (root), ninja will log necessary information about this process, and optionally kill the process if it was spawned by an unauthorized user." New Tool Released - HTTP sessions & Social Networking - "When it comes to user privacy, SSL is the elephant in the room" said Eric Butler Apple Closes FaceTime For Mac Security Hole - Software security may be a problem, but then there is stuff like this. 12-year-old Finds Buffer Overflow in Firefox - gets $3,000 Least Common Denominator - How do we solve the problem where 1% of the users drive a large percentage of the software's functionality and features? Download Tenable Podcast Episode 55