Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Episode 109

Welcome to the Tenable Network Security Podcast Episode 109


  • Paul Asadoorian, Product Evangelist
  • Carlos Perez, Lead Vulnerability Researcher
  • Ron Gula, CEO/CTO



  • Five Principles to Better your Security Monitoring - I believe that knowing yourself is different from being able to get the data that you need in order to be successful. I know people love Sun Tzu and all, and I've even been known to make a reference to his philosophy, however this is not about knowing yourself. This is about working as a team and sharing information that makes sense. I've experienced this several times within organizations, and that is teams are working as their own little armies. The fact is that everyone needs to cooperate when it comes to security. Furthermore, knowing the terrain is a moving target, IT systems and landscape changes all the time, so while you may know it today, you may not tomorrow.
  • Wireshark 1.4.x and 1.6.x Updates Close Security Holes - I've seen a long history of problems related to security with this tool. It stems from the fact that its parsing data, lots of different types of data, and sometimes not very well. I still tend to lean towards the command line tcpdump, but if you are using Wireshark, be certain to be on the latest version and consider running it on systems that have the least impact if compromised.
  • PHP 5.3.9 Released with Hash DoS Fix - I used to think that DoS vulnerabilities were not a big deal. However, now that the entire world relies on the web for any number of things, these are a big deal.
  • Recovering a Hacked Gmail Account - This can be a very time consuming process. The story goes into details of the attack, the emails to friends about being mugged overseas and needing money, etc... it begs the question of whether or not using cloud-based email is worth it. I am a huge fan of using it, but adding protections such as strong pass phrases, two-factor authentication, getting rid of the security question, and using PGP.
  • 10 Years of Breach - I've heard of University breaches that have gone on for years without being detected, but this one takes the cake. They found that for 10 years attackers had planted viruses on university systems, until finally one day a monitoring system detected some behavior that led to an investigation. Ignoring security is a strange thing, if you ignore the problem everything will seem okay. Until one day when you find out about the problems and it's too late. However, the longer you let the problem go, the worse off you will be. Ten years is such a long time that there is no way to even tell who is affected. 10 years is a lot longer than most people attend college!
  • Sysinternals Updates - Updated have been released for this tool, and there is a great story about how Mark fixed his Mom's computer over the holidays!
  • PRC Targeting DoD Smart Cards - Never fails, when you adopt this awesome technology to secure things, people will attack it.
  • Time to Check your DNS Settings? - The bad guys behind this botnet had infested approximately 4 million computers in more than 100 countries with malware called DNSChanger. This Trojan horse allowed them – among other things – to redirect requests of unsuspecting users to malicious or illegal destinations by altering their connection settings, namely the address of the DNS server - If you were to write malware to do just one evil thing, changing the DNS server may be on the top of the list.
  • Windows Live May Be a Vulnerability for Xbox Live Users
  • Zappos Says Hackers Accessed 24 Million Customers' Account Details - I was just commenting how awesome Zappos was to shop with, then this. However, after it blows over, will I still shop there?
  • ACROS Security Blog: Is Your Online Bank Vulnerable to Currency Rounding Attacks? - Warning, lots of math here. However, some neat profiles of "Exploitation".

Download Tenable Network Security Podcast 109 (mp3)

Subscribe to the Tenable Blog

Try for Free Buy Now

Try Tenable.io Vulnerability Management


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.