Tenable Network Security Podcast Episode 112 - "Evil USB, Detect Unsupported Devices, & Managing Mobile Risk"

by Paul Asadoorian
February 7, 2012

Welcome to the Tenable Network Security Podcast Episode 112

Hosts

  • Paul Asadoorian, Product Evangelist
  • Carlos Perez, Lead Vulnerability Researcher
  • Ron Gula, CEO/CTO

Announcements

New & Notable Plugins


Passive Vulnerability Scanner

Nessus

Stories

  1. Don’t Stick That in There – HID (Human Interface Device) - Evil USB keys persist in penetration testing and evil insider attack scenarios. Detecting is interesting, and the most difficult to detect are the devices that are HID, which really do evil things.
  2. OSCommerce v3.0.2 - Persistent Cross Site Vulnerability - Every once and a while, an XSS comes along that you should pay attention to, and this is no exception. A persistent XSS in an e-commerce application is a bad thing!
  3. Android and Security - Official Google Mobile Blog - Google has some work to do with respect to security, and they know it. All of the mobile device application security researchers I've spoken with tip their hat to the iOS platform for its strides in security, and then go on to say how easy it is to exploit Android.
  4. FBI Conference Call Tapped By Antisec - I've seen this story also mention Anonymous, so therefore, we have to cover it to get in our Anonymous coverage. Apparently, a phone call was leaked, proving that phones can be tapped and attackers do not comply with FCC regulations.
  5. Sophos 2012 Security Threat Report - Can anyone guess what's the most common malware still infecting computers? If you guessed Conficker, you'd be right.
  6. Two Approaches to Managing Mobile Devices - Giving the user more control of their devices has benefits!
  7. Microsoft Internet Explorer 'Forced Tweet' Cross Domain - Interesting vulnerability that allows the attacker to potentially make Tweets posing as you.
  8. Apple revises Snow Leopard security update - Again, so soon?
  9. 'Psycho Siri': Scariest Siri parody yet? | Crave - CNET - Really funny parody about Siri gone Psycho. Now, the first part is total science fiction, and very funny. However, in the final scenes the iPhone with Siri takes control of the person's car. Science fiction or reality? See the next story...
  10. Remotely start your car using an Arduino - Freaky, huh?
  11. Job-seeking Marriott hacker gets 30 months' porridge - This is the wrong way to try to land a job.
  12. Satellite phone encryption cracked - Telegraph - Could this be how Anonymous hacked into FBI phones?
  13. PHP 5.3.10 fixes critical remote code execution vulnerability - PHP still suffers from remote exploits, just an FYI.