
Tenable Network Security Podcast Episode 111 - "Detecting pcAnywhere, browser vulnerabilities, & hacking cars"

Hosts

  • Paul Asadoorian, Product Evangelist
  • Carlos Perez, Lead Vulnerability Researcher
  • Ron Gula, CEO/CTO
  • Jack Daniel, Product Manager

Announcements

New & Notable Plugins

Passive Vulnerability Scanner

Nessus


Stories

  • New Drive-By Spam Infects Those Who Open Email -- No Attachment Needed - Yet even more reasons to read all of your email in plain text, the way it was intended. Some email clients give you the option, which I really like, so by default it does not load the message in HTML until you tell it to.
  • Cisco Security Appliances at risk from Telnet bug - This is the same nasty Telnet bug we talked about a couple of weeks ago, and it is now found to be installed on Ironport email appliances from Cisco.
  • Symantec publishes pcAnywhere security recommendations - This is the most bizarre warning from a company I have ever seen: "...it warns against using the remote PC control software at all, since malicious parties could use the source code to identify and exploit security vulnerabilities to compromise PCs that use the program." So wait, if they are hinting towards the fact that their software contains vulnerabilities, why haven't they fixed them? Have they not been looking? Have they not hired people to find problems in their software? Oh and get this: "...the company 'knew there was an incident in 2006,' but that 'it was inconclusive at the time as to whether or not actual code was taken or that someone had actual code in their hands'." I am actually speechless. More information from Wired on this topic. If anti-virus companies can't keep themselves secure, are we all doomed?
  • Why Your Company Needs To Hack Itself - The term "hack" is not fully defined here, but let's take that as any action against your organization's systems that will test their security. There are, of course, different levels of "hacking." First and foremost, let's look at what may be the easiest, least impactful, and actionable process out there: Scan all of your externally facing systems with Nessus and act on the results. The second part is the more difficult of the two as it involves people, but you must be constantly identifying vulnerabilities and exposures on your Internet-facing systems. I'm stumped as to why more people are not doing this.
  • Hacking Seen as Rising Risk With Car Electronics - Having just bought a new car, I believe this threat is becoming more real. The vehicle emergency system can unlock the doors remotely, identify where the vehicle is located, enable Bluetooth to talk to my phone, and more. The car is becoming more and more like a computer every day, and we as a security community wonder what could happen if we were to start evaluating the security of vehicle systems. Some have, and the results are as expected -- features took priority over security.
  • Students busted for hacking computers, changing grades - This is similar to "War Games," but with a twist. Rather than stealing the password by looking at the paper on the desk, the students stole a master key from a janitor and installed keystroke loggers on the computers. Then, they changed the grades and sold test answers to other students. This is not cool. Kids, if you're listening, don't hack into computers at your school without permission. It's not like in the movies; you will be expelled.
  • Feds say Megaupload user content could be deleted this week - Just a word of caution, if you store your data in the cloud, make sure you have a backup.
  • Shmoocon Demo Shows Easy, Wireless Credit Card Fraud - I watched most of this talk over the live stream, and I just kept thinking that this has been possible for quite some time. I'm a huge fan of Paget's research into RFID, and I am glad to see this is getting attention. There seem to be some protections in place, though, such as only the credit card number being leaked over RFID, and not the person's name, PIN, or CVV number.
  • Rootkit has rhythm - "Attackers are embedding specially-crafted MIDI files into web pages which are then opened by Internet Explorer using a plugin from Windows Media Player. The sound of background music covers the MIDI file using the vulnerability to execute shell code which installs a rootkit onto the system." So the big question is: If you were to have theme music to go along with your rootkit, what would it be? (My answer: The Who's "Don't Get Fooled Again")
