Tenable Network Security Podcast Episode 194 - "Common Sense Security..."
- We're hiring! - Visit the Tenable website for more information about open positions.
- Check out our video channel on YouTube which contains new Nessus, PVS, and SecurityCenter tutorials.
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
- Want to ask questions about Nessus, PVS, SecurityCenter, and LCE and get answers from the experts at Tenable? Join the Tenable Discussions Forum for custom scripts, announcements, and more!
- You can subscribe to the Tenable Network Security Podcast on iTunes!
Discussion & Highlighted Plugins
- Common Sense Security Monitoring - I really have a lot of faith in this concept, largely because it makes sense in the real world in addition to the digital world. For example, you become accustomed to the happenings in your neighborhood. People tend to be creatures of habit: They leave for work around the same time, walk their dogs around the same time of day/night, lights go on and off at fairly regular times, etc. When someone breaks the mold a bit, you tend to notice (at least I do). It sends up a red flag, and I pay closer attention to the behavior. For example, a car driving around with its lights off at 11 pm, when that's not supposed to happen until at least 4 am when my neighbor up the street leaves for work and doesn't want to blind the neighborhood with his headlights. Some new PVS rules will allow you to accomplish the same thing and flag behavior such as SSH traffic not on port 22.
- The NSA Saga Continues - Recent developments have furthered discussions on how NSA spying impacts corporate business processes. Should we be paranoid that someone is watching? How safe are our corporate secrets if the NSA has a backdoor in our security products? Do you, like several others, boycott RSA as it has been reported that the NSA maintained backdoors in their products?
- DB2 9.7 < Fix Pack 9 Multiple Vulnerabilities
- Wireshark 1.8.x < 1.8.12 Multiple DoS
- Wireshark 1.10.x < 1.10.4 Multiple DoS
- LiveZilla < 188.8.131.52 Multiple Vulnerabilities
- Novell iPrint Client < 5.93 DoS
- OpenMediaVault Web Detection
- OpenMediaVault Default Administrator Credentials
- SuperMicro Device Uses Default SSH Host Key
- SuperMicro Device Uses Default SSL Certificate
- Zabbix 1.9.x < 1.9.4 zabbix_agentd DoS
- Quagga 0.99.21 bgp_attr.c BGP Update DoS
- Oracle Fusion Middleware Web Services Component Remote Information Disclosure
- Asterisk Multiple Vulnerabilities (AST-2013-006 / AST-2013-007)
- Subversion 1.6.x / 1.7.x / 1.8.x < 1.6.23 / 1.7.11 / 1.8.1 Multiple Vulnerabilities
- Subversion 1.8.x < 1.8.2 FSFS Repository Corruption
- Subversion 1.4.x - 1.7.12 / 1.8.x < 1.8.3 Multiple Symlink File Overwrite Vulnerabilities
- Subversion 1.4.x - 1.7.13 / 1.8.x < 1.8.5 Multiple DoS
- Apple Motion Installed (Mac OS X)
- Apple Motion < 5.1 OZDocument::parseElement() Function MOTN File Subview Attribute Handling Integer Overflow
- Winamp Unsupported
- Safari Unsupported
- VMSA-2013-0016 : VMware ESXi and ESX unauthorized file access through vCenter Server and ESX
- NTP monlist Command Enabled
- Splunk Enterprise 6.x < 6.0.1 Malformed Packet DoS
- Winamp < 5.666 Multiple Memory Corruptions
- HP Data Protector Multiple Vulnerabilities
- ScMM DSL Modem/Router Backdoor Detection
- Cisco WAAS Mobile Server Detection
- Cisco WAAS Mobile Server Web Administration Interface Detection
- Cisco WAAS Mobile Server Web Administration Default Credentials
- Cisco WAAS Mobile Server < 3.5.5 Remote Code Execution
Passive Vulnerability Scanner
Security News Stories
- Nessus HTML5 UI 2.1 Provides Enhanced Usability
- Space Rogue from L0pht and Hacker News Network Joins Tenable Network Security
- Ask A VC: Accel's Ping Li On The Impact Of Data-Driven Software and More
- Does retail security take a backseat during the 'holiday IT lockdown'?
- Industry Predictions for 2014; Part 4: Managed Security Services
- Industry Predictions for 2014; Part 3: The Effect and Influence of Government
- Defending against self-destructing PCs, other mythical security threats
- Lessons for CSOs in Snowden exploit of NSA networks
- Mikko Hypponen Still Speaking at the RSA Conference
- Researchers publish Snapchat code allowing phone number matching after exploit disclosures ignored | ZDNet
- Surprise! It's Super Easy to Identify People From Metadata
- Trojan program hijacks World of Warcraft accounts despite two-factor authentication
- Flash Memory Cards Contain Powerful, Unsecured Microcontrollers
- Probes Against Linksys Backdoor Port Surging
- OpenSSL Hackers Used Weak Password at Web Host to Deface Site
- Noted speaker, Mikko Hypponen, cancels RSA talk in protest to NSA collaboration allegations
- Growing human organs inside pigs in Japan
- Researcher Uncovers Backdoor In DSL Routers
- FireEye buys outfit that lifted the lid on Chinese cyber-espionage
- Hacker backdoors Linksys, Netgear, Cisco and other routers