Tenable Network Security Podcast Episode 103

Hosts

• Paul Asadoorian, Product Evangelist
• Carlos Perez, Lead Vulnerability Researcher
• Jack Daniel, Product Manager

Announcements

• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials.
• We're hiring! - Visit the Tenable web site for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!

Stories

1. Password Cracking Against Vulnerability Scanners - The tools released in this project allow you to test the passwords of several different vulnerability scanners and the Metasploit framework. It's a great time to mention that while security professionals are typically the ones finding vulnerabilities in systems and networks, you must protect your own tools as well. Included in your vulnerability assessment program should be techniques to find weaknesses in the systems and tools you use to find vulnerabilities and weaknesses in your own network. This is a topic to be explored further, as there are several things you can do within Nessus, and the underlying operating system, to tighten up ship. Its important for a lot of reasons, including the lack of use of firewalls when using security tools as they tend to get in the way with scanning and callbacks.
2. Plugging The Kiosk-Sized Security Hole - Primarily a physical security threat, locking down your kiosks is an important task. Especially if you are an organization that has a high volume of public foot traffic, such as a bank branch or a university. The number one thing that helps this situation is to treat your kiosks the same way you treat the Internet (from a network perspective). However, this is easier said than done as you want to be able to update the kiosk software easily to patch and manage configuration.
3. Google's WiFi Mapping Non-Solution - Maybe its just me, but I see the privacy folks jumping up and down on this one, and I just don't get it. If you run a wireless network, you are emitting a signal into an open RF spectrum that anyone, by law, is able to listen on. If you are correlating that to a location, and even publishing the information, that is still within the realm of the law. If you want true privacy there is a type of cable called "Ethernet", which is much more private.
4. Mass Joomla Component LFI Attacks Identified - Several different components of the Joomla content management system are prone to a local file inclusion vulnerability. Joomla has a history of vulnerabilities within the component architecture, and attackers know it. Honeypots have tracked attackers using automated methods of exploiting this vulnerability.
5. Cyber Intrusion Blamed for Hardware Failure at Water Utility - "Former chief security officer for the North American Electric Reliability Corporation (NERC), said the attack highlights the potential pitfalls of utilities increasingly turning to off-the-shelf commercial solutions and remote access to trim costs in an era of tight state and local budgets.". Uh, well, yea. Isn't that the typical recipe for "cyber disaster"? Some further "details" here.
6. When Scammers Call You at Home - Looks like attackers are automating Skype calls and enticing people to download software by telling them to visit a web site, then stealing their credit card information. My question is, how successful could this attack be?
7. Report Reveals Top 25 Crackable Passwords - We know these passwords are bad, why hasn't every system implemented password enforcement rules that prevent easy passwords like these?
8. Are you Positive? - False positives, true positives, true negatives, are you positively false, truly?
9. New Techniques for Detecting Hardware Trojans - With hardware you can detect hardware trojans. Interesting research, however, not within "scope" of most IT departments. I believe we're still left with detecting post-exploitation behavior, but often that can be too late.
10. 'Occupy Flash' Web Hippies Aim to Rid World of Adobe Plugin - "There's no indication of who is behind Occupy Flash or how many people are involved. Instead the group decided to stay anonymous." My guess would be those who stand to benefit the most of a world without Flash, like Apple for example. I'm just waiting for the "Occupy HTML5" movement which will promote the next web technology, whatever that may be. Oh, and I should note, they will all be equally as vulnerable to attacks.
11. BIND Flaw is Being Actively Exploited to Crash Servers - I like this quote: "Editor's Note (Murray): BIND is historically broken. If it does not work, price is irrelevant. " It couldn't be more true, yet we all still use it.