Tenable Network Security Podcast - Episode 29

Welcome to the Tenable Network Security Podcast - Episode 29

Announcements

• Several new blog posts have been published this week, including:
  • Using Nessus Thorough Checks for In-depth Audits
  • Vulnerability Metrics Webinar - April 28, 2:00 PM EST
• New Nessus training is now being offered at conferences! - The new course titled "Advanced Vulnerability Scanning Techniques Using Nessus" is now being offered at both Black Hat Las Vegas 2010 and BruCon 2010. It's a two-day course that will put students into a real-world environment where they will have to solve problems and identify vulnerabilities using the advanced features of the Nessus vulnerability scanner.
• You can provide feedback to this podcast and all of our social media outlets by visiting our discussions forum and adding messages to the "Tenable Social Media" thread. I would love to hear your feedback, questions, comments and suggestions! I put up a call for ideas on new Nessus videos, so please give us your feedback!
• We're hiring! - Visit the web site for more information about open positions. There are currently 7 open positions listed!
• You can subscribe to the NEW Tenable Network Security Podcast on iTunes! You can also subscribe to the new podcast RSS feed directly.
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics and more!

Stories

• Why I Use Firefox - At the recent "Pwn20wn" contest at CanSecWest security conference, a researcher known as "Nils" successfully exploited Mozilla Firefox 3.6.2, bypassing Windows operating system defenses such as ASLR and DEP. This is truly quite the accomplishment, and as the article states: a motivated attacker will find ways to bypass defenses. All browsers were exploited in the "Pwn20wn" contest, including Internet Explorer and Safari (but possibly not Chrome... we're still researching!). However, Mozilla has already fixed the bug that led to this vulnerability and released the patch. Both Microsoft and Apple are still "taking it into consideration". This is why I run Firefox; there is no such thing as a truly "secure" web browser, so I go with the one who can crank out patches the fastest.
• The Most Depressing Post of the Week - WHID - The Web Hacking Incidents Database is a project run by OWASP in order to track incidents that have occurred as a result of web application attacks. The post linked here is a sample of some of the entries, which include stories such as, "A mentally ill woman exploited a loophole in D.C. tax office online systems to gain unauthorized access to taxpayer accounts."
• Scraping Time Servers - HD Moore has published a Metasploit module that will execute a DoS attack using the NTP protocol, which can be initiated with a single packet. I first heard of the NTP work HD was doing on the Risky Business podcast. At a Security B-Sides event held along side the RSA conference HD presented his research into NTP. He figured out that there are some neat features built into NTP that are not associated with keeping time. The most useful are the ability to query an NTP server and receive a list of clients that are using it to keep time, in addition to any peers of the NTP server. This allows you to map and discover many hosts on the Internet. Very cool research!
• Certified Pre-0wned - There have been several reports of devices shipping from the factory with malware installed on them . The latest is the "Energizer trojan", which infects systems, adds itself to the startup registry key, appears to contain Chinese-created software and sets up a listener on TCP port 7777. The lesson to learn here is that no matter how well your systems are protected, malware may find its way into your network. If you are not looking for it, this does not mean it will not exist. Simply relying on anti-virus software alone is a huge mistake, as there are many factors that contribute to the effectiveness of anti-virus software (such as keeping the software and definitions updated). Regular scans using a vulnerability scanner such as Nessus (which can detect several different kinds of malware) is a good measure to add to your overall security strategy.