Tenable Network Security Podcast Episode 152 - "WiFi Network History, Self-policing Code"

Announcements

• We're hiring! - Visit the Tenable website for more information about open positions.
• Check out our video channel on YouTube which contains new Nessus and SecurityCenter tutorials.
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
• You can subscribe to the Tenable Network Security Podcast on iTunes!

New & Notable Plugins

Nessus

• Squid 2.x / 3.x < 3.1.22 / 3.2.4 / 3.3.0.2 cachemgr.cgi DoS
• Advanced Custom Fields Plugin for WordPress acf_abspath Parameter Remote File Inclusion
• Citrix XenDesktop Virtual Desktop Agent USB Redirection Propagation Handling Access Restriction Bypass (CTX135813)
• Drupal 6.x < 6.27 / 7.x < 7.18 Multiple Vulnerabilities
• IBM Rational ClearQuest 7.1.x < 7.1.2.9 Multiple Vulnerabilities (credentialed check)
• VMSA-2012-0018 : VMware security updates for vCSA and ESXi
• Snare Agent for Linux > 1.7.0 / 2.0.0 Multiple Vulnerabilities
• Novell iPrint Client < 5.82 Remote Code Execution
• Novell eDirectory 8.8.x Multiple Security Vulnerabilities
• Citrix XenApp XML Service Interface Crafted Packet Parsing Remote Code Execution (CTX135066)
• Mac OS X Wireless Networks List
• PostgreSQL 8.3 < 8.3.18 Multiple Vulnerabilities
• MS KB2794220: Vulnerability in Internet Explorer Could Allow Remote Code Execution
• MS KB2798897: Unauthorized Digital Certificates Could Allow Spoofing
• VLC < 2.0.5 Multiple Vulnerabilities
• SSL Certificate Chain Contains Illegitimate TURKTRUST Intermediate CA

Passive Vulnerability Scanner

• Flash Player <= 10.3.183.43 / 11.5.502.110 Multiple Vulnerabilities (APSB12-27)
• iPhone App Install Detected
• Opera < 12.12 Multiple Vulnerabilities
• Netsuite Client Detection
• Instagram Upload Activity Detected
• Real Networks RealPlayer < 16.0.0.282 Multiple Vulnerabilities
• Flash Player <= 10.3.183.29 / 11.4.402.287 Multiple Vulnerabilities (APSB12-24)
• MySQL Server 5.1 < 5.1.63 Multiple Vulnerabilities

Stories

1. Does Your Alarm Have a Default Duress Code?
2. Pointless observation on snow removal and InfoSec
3. Biggest Problem in Computer Security | ITauditSecurity
4. Top email terms used by corporate fraudsters published by FBI
5. Researcher sidesteps Microsoft fix for IE zero-day
6. Silent Skype calls can hide secret messages
7. Why Hackers Are So Much Funnier Than You Are