Tenable Network Security Podcast - Episode 99

Hosts

• Paul Asadoorian, Product Evangelist
• Carlos Perez, Lead Vulnerability Researcher
• Jack Daniel, Product Manager

Announcements

• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest video is titled "Top Ten Things You Didn't Know About Nessus #9".
• We're hiring! - Visit the Tenable web site for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!

Stories

1. iPhone 5 Emails Infect Windows PCs with Malware - Attackers have proven to be very opportunistic when it comes to email scams and malware. Take the iPhone 5 for example, emails sent to thousands of people in an effort to get them to read up on the iPhone 5, which from the screenshot appears to be completely transparent. A neat defiance of physics, the real kicker being that Apple announced the 4S, not iPhone 5 yesterday.
2. The 20 Controls That Aren’t - Ben Tomhave calls out the SANS CAG as 1) Not being actionable 2) Not able to scale and 3) Being designed to sell a product. While I agree in principle, its all about how you use the tools and guidelines. For example, if I want to know the areas that I should be covering in my information security program and some tips on how to do that, I might turn to the SANS CAG. Then I would go to the CIS benchmarks for recommendations about how to configure my systems security. At the end of the day, I am going to have to buy some products to help me get the job done, and I believe the various standards do not recommend a vendor, but areas in which you should focus on to help secure your organizations. Having said that, don't ignore vendors that provide products or services outside published guidelines, sometimes they can help you the most (of course, sometimes they are just the opposite).
3. Some Hotel Safes Not So… Safe - We may have covered this one before, but just a reminder, the hotel safes are not safe and there are videos all over the web showing the default password. This one has reached true full-on public status. So you can either carry all of your stuff with you, or is there such a thing as a travel safe? Or, do you try to hack the safe first before putting your valuables in it?
4. Cisco Patches Slew of IOS Bugs - I love this: "A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device. Smart Install uses TCP port 4786 for communication. An established TCP connection with a completed TCP three-way handshake is needed to be able to trigger this vulnerability" Yeah, because a full TCP-Three-Way handhake is a defense, that'll stop em'! I love remote code execution on a switch, yes make my port a mirror port. No one is in a big hurry to apply an update to a switch either.
5. Post Exploitation Shellbaging Security Aegis - I thought Carlos would enjoy this one, its a post-exploitation script that performs an interesting type of file system forensics: "Since the ShellBag keys store various metadata on how Windows Explorer items were arranged and since they are recorded for each user, from a computer forensics standpoint, one can parse the data and pull out various pieces of information that relate to user interaction. When combined with other available computer artifacts, it could provide a more complete picture of what files were accessed or deleted by the user and from what storage device they were accessing at the time (could be either an internal, external or network storage device)."
6. File Disclosure Browser - DigiNinja - Ever see those weird .DS_Store files on various shares, web servers, and even on your own file systems and USB drives? Turns out those come from OS X and can contain information about your files, and even the location of some hidden files. Robin Wood's script extracts this information from .DS_Store files posted on web sites.
7. NOTE: This page has been known to trigger A/V alerts, visit at your own risk! - http://securityxploded.com/passwordsecrets.php - Password Secrets of Popular Windows Applications - What a great list of applications and where they store their passwords, and how!
8. Collected 1st & 2nd Level Domains - Some neat research from Max, who has collected 1st and 2nd level domain information, enumerating the domain names across large sections of the Internet.
9. Fail a Security Audit Already -- It's Good for You - If that's the case, everyone is really healthy! However, failing is a part of learning. Most do not pass their first security audit, if you do, then why did you pay for one in the first place? You security audit should be telling you things you can do better, because chances are what you are doing has a few gaps or is just simply not enough. Audits, assessments, and penetration tests should tell you something you didn't already know.
10. More Than One-Fourth of Google Chrome Extensions Contain Vulnerabilities - This is one of the things that keeps me up at night. We rely on all of these frameworks, and each of the frameworks allows people to write code and install it on your system(s). Sometimes that code does evil things.
11. Sometimes the Security Helpdesk Gets The Last Laugh - Word to the wise: Format and re-install your OS after you've contracted Malware.
12. Air Traffic Control Data Found on eBayed Network Gear
13. Bank of America Website Disrupted for Fourth Day in a Row
14. Check Your Machines for Malware, Linux Developers Told - I wonder if they are also formatting and re-installing? Oh wait, its Linux, it doesn't get viruses.
15. Law Enforcement Increasingly Asking Internet Companies to Share Data - Yes, 4th Amendment in full swing, we need a warrant, we can't get one, so can you collect the evidence for us?
16. Amazon Kindle Tablet Routes Web Traffic to Cloud First