Tenable Network Security Podcast Episode 182 - "Securing Your Cloud, The World of WordPress"
- We're hiring! - Visit the Tenable website for more information about open positions.
- Check out our video channel on YouTube which contains new Nessus and SecurityCenter tutorials.
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
- Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
- You can subscribe to the Tenable Network Security Podcast on iTunes!
Discussion & Highlighted Plugins
- Securing Your Cloud - New plugins were released this week for Amzon Linux AMI, allowing Nessus and SecurityCenter users to perform local patch checking against this platform. This got me thinking, with all the "hoopla" surrounding cloud security, did anyone listen? It would seem to me that cloud-based applications are here to stay. And that we've all made the risk decision that we're going to press forward. Is this the right call? Are there hidden cloud security risks, or are they mitigated enough to continue to put resources into "cloud"?
- The World of WordPress - WordPress is another case of an extremely useful technology, but one that comes with a lot of security baggage. On the one hand, WordPress amazes me (in a good way). The ease of set-up and the plethora of plugins makes implementing a feature-rich website easy. On the other hand, it contains a lot of really crappy code. Code that is in no way even in the same universe as "secure code." What do you do? Code review all your plugins? Use something more secure, but costs more money to set up, build, and maintain? While I don't recommend rolling the dice and taking your chances when it comes to security, you must play the risk game.
- "Reducing Your Patch Cycle to Less Than 5 Days" - Jack Daniel and I delivered this webcast last week, and it was received positively by the community. Reducing your patch cycle is not easy, and we covered the people skills, organizational skills, technical challenges, and ways to use Tenable products to reduce the patch cycle. The questions were fantastic, and a sampling of questions were posted, along with the answers.
New & Notable Plugins
- Amazon Linux AMI : puppet Arbitrary Code Execution (ALAS-2013-213)
- RealPlayer for Windows < 18.104.22.168 Multiple Vulnerabilities
- FileZilla Client Installed
- Microsoft SQL Server STARTTLS Support
- Cisco Nexus 1000V VEM DoS (CSCtj17451)
- FileZilla Client < 3.7.2 SFTP Integer Overflow
- HP LaserJet PJL Interface Directory Traversal (HPSBPI02575)
- CiscoWorks Common Services Home Page Component Unspecified Shell Command Execution
- FileZilla Client < 3.7.3 Multiple Vulnerabilities
- Computer Associates ARCserve Backup LDBserver Remote Code Execution Vulnerability
- RSA SecurID Software Token Converter Buffer Overflow (Linux)
- RSA SecurID Software Token Converter Buffer Overflow (Windows)
- Websense Email Security Installed
- Websense Email Security SMTP Component Weak SSL/TLS Ciphers
- WP Online Store Plugin for WordPress Multiple Parameter File Disclosure
- Opera < 16 Multiple Vulnerabilities
- SSL Certificate Chain Contains RSA Keys Less Than 2048 bits
- Oracle TNS Listener Remote Poisoning
Passive Vulnerability Scanner
Tenable Compliance Checks
Security News Stories
- Source: New York Times Website Hit by Cyber Attack
- 10 Years Later: Could an Epic Blackout Happen Again?
- NSA: NOBODY could stop Snowden - he was A SYSADMIN
- The Body-Worn "IMSI Catcher" For All Your Covert Phone Snooping Needs
- Getting To The Root Of Application Security Problems
- 22 Years Later, The Linux And Open Source "Cancer" Is Wonderfully Benign
- Stop treating your datacentre as if it were a laptop: Symantec