
Tenable Network Security Podcast Episode 115 - "Hacking sprinklers, vulnerability remediation, photo slurping"

Welcome to the Tenable Network Security Podcast Episode 115


  • Paul Asadoorian, Product Evangelist
  • Carlos Perez, Lead Vulnerability Researcher
  • Ron Gula, CEO/CTO


New & Notable Plugins


Passive Vulnerability Scanner:


  1. Wardriving for Zigbee - The first question many people are asking when they see this title is, "What do you find when wardriving for Zigbee?" In one example, evidence points to either lighting or a lawn sprinkler system. Zigbee can also be found on buses used for what appears to be tracking purposes. Much of this research will fly under the radar, because the reason WiFi is such a big deal is that it potentially leads back to the corporate network. In the case of Zigbee, it's mostly control systems of some kind, but not limited to "industrial," so if you want to re-create the Bellagio fountains show, this may be your ticket.
  2. Fixing Vulnerabilities On A Shoestring - A study found that a much smaller percentage, 29% to be exact, of the time spent remediating vulnerabilities was spent actually fixing the vulnerability. Lots of other time is spent setting up a development environment and testing to make sure the vulnerability is remediated. While this article is a bit light on other details, it does present a very common problem in our industry. People want an easy, point-and-click way to get rid of vulnerabilities, when in reality, it's a process. I believe this is one of the largest problems we face in our industry, and strongly believe organizations that have a solid vulnerability discovery AND remediation process are the ones staying out of the headlines when we talk about breaches.
  3. US e-voting system cracked in less than 48 hours - "We successfully changed every vote and revealed almost every secret ballot." I just can't help but think that online voting is a BAD idea. However, it sounds like the company providing the system did not even try to implement security: "Even the Linux kernel used in the project proved to have a well-known vulnerability. They were also able to use the PDFs generated by the system to trick the encryption mechanism, while unsecured surveillance cameras provided additional insights into the infrastructure."
  4. Nmap Iptables Shell Script - Really neat iptables rules that log and drop certain TCP flag combinations associated with Nmap scanning. If someone is using Nmap against one of your systems, it might be a nice thing to log and add into your SIEM for correlation.
  5. Most organizations take months -- or years -- to discover a breach - There are few findings in the Verizon report that really stand out as sending a solid message. One statistic is pretty clear: 60% of organizations discovered breaches months or years later. To me, this means detection mechanisms are not being used properly. This can stem from several different problems, and begs yet even more questions, such as why? Not enough staff? Not the right staff? Do you have the right tools? Are the tools not configured properly?
  6. How GitHub handled getting hacked - At the surface, it may sound like a lot of back-and-forth between a security researcher and a large project. However, it goes to show you, listen to the people disclosing vulnerabilities and do not dismiss them. I'm not saying they are right to exploit a vulnerability to make a point. I'm saying they may do that, and the only one that loses is the one who is vulnerable, and well, your customers too.
  7. Polycom Web Management Interface Command Injection - First off, these systems run Linux (PPC chipset). The beauty of a web interface command injection is that you don't need shellcode, so the operating system architecture and any stack overflow protections mean nothing; you still get a shell. This is also the classic case of the feature in the management interface that lets a user "ping" a system. It often leads to command injection. It's such a classic case, you wonder how it got there in the first place. Did they hire a developer with no experience to code the web management interface?
  8. iPhone photo-slurping loophole sparks app privacy fears - Paul's tip for the week: Don't take naked pictures of yourself with your phone and leave them there. Just sayin', other people could see them.
  9. Android a photo-slurper too: report - Again, the "no naked pictures of yourself" rule applies to Android too.
  10. Stolen NASA laptop had Space Station control codes - "48 different agency laptops or mobile devices had been lost or stolen between April 2009 and April 2011 (that NASA knows of). The kit contained sensitive data including third-party intellectual property and social security numbers as well as data on NASA's Constellation and Orion programmes." That's a lot of laptops. Seems they need more than data encryption, how about some user education? We've all heard the reports that NASA has received less funding, maybe this is a side result?
  11. NASA lost 'full control' to hackers, pwned 13 times last year - And yet even more NASA hacking. Ouch. Though we do get some insight: "Paul Martin told a Congressional panel on information security at the space agency that NASA spent $58m of its $1.5bn annual IT budget on cyber security." Was that not enough, or is it more about how you spend your money?
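
For item 4, an added example (not the script discussed on the show) of the correlation step: it reads lines written by the iptables LOG target, names the abnormal TCP flag combinations, and groups the probed ports per source for a SIEM. The log lines, addresses and the "SCAN:" log prefix are constructed for illustration.

```python
import re
from collections import defaultdict

FLAG_TOKENS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
# Flag sets normal TCP stacks do not send; named for Nmap -sN, -sF, -sX.
SIGNATURES = {
    frozenset(): "null-scan",
    frozenset({"FIN"}): "fin-scan",
    frozenset({"FIN", "PSH", "URG"}): "xmas-scan",
}

def parse_log_line(line):
    """Return (src, dport, flags) for a TCP LOG line, or None if unparseable."""
    if "PROTO=TCP" not in line:
        return None
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", line))
    # The LOG target prints set flags as bare words between RES= and URGP=.
    m = re.search(r"RES=\S+\s+(.*?)\s*URGP=", line)
    if m is None or "SRC" not in fields or not fields.get("DPT", "").isdigit():
        return None
    flags = frozenset(m.group(1).split()) & FLAG_TOKENS
    return fields["SRC"], int(fields["DPT"]), flags

def classify(flags):
    if flags in SIGNATURES:
        return SIGNATURES[flags]
    if {"SYN", "FIN"} <= flags or {"SYN", "RST"} <= flags:
        return "contradictory-flags"
    return None  # ordinary traffic

def summarize(lines):
    """Map (source, signature) -> sorted destination ports probed."""
    hits = defaultdict(set)
    for line in lines:
        parsed = parse_log_line(line)
        if parsed is None:
            continue
        src, dport, flags = parsed
        label = classify(flags)
        if label:
            hits[(src, label)].add(dport)
    return {key: sorted(ports) for key, ports in hits.items()}

# Constructed sample (documentation addresses, hypothetical "SCAN:" prefix).
_T = ("kernel: SCAN: IN=eth0 OUT= SRC={} DST=192.0.2.10 LEN=40 TTL=52 "
      "PROTO=TCP SPT=40000 DPT={} WINDOW=1024 RES=0x00 {}URGP=0")
SAMPLE_LOG = [_T.format(*row) for row in [
    ("198.51.100.7", 22, "FIN PSH URG "), ("198.51.100.7", 80, "FIN PSH URG "),
    ("198.51.100.7", 443, ""), ("203.0.113.9", 25, "FIN "),
    ("192.0.2.44", 443, "ACK PSH "), ("192.0.2.44", 443, "SYN "),
]]
```

Calling `summarize(SAMPLE_LOG)` reports the two probing sources and leaves the ordinary ACK/PSH and SYN traffic from 192.0.2.44 out of the result.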
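
For item 7, an added example (not Polycom's code) of how a management-interface "ping" feature can be written so that user input never reaches a shell: the target is validated as an IP address or hostname and passed to `ping` as a single argument. The function names are hypothetical, and the `-c`/`-W` flags assume a Linux `ping`.

```python
import ipaddress
import re
import subprocess

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*\.?")

def validate_target(value):
    """Return a canonical IP address or hostname, or raise ValueError."""
    value = value.strip()
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        addr = None
    if addr is not None:
        # IPv6 zone IDs ("%eth0") are free-form text, so refuse them.
        if getattr(addr, "scope_id", None):
            raise ValueError("scoped addresses are not accepted")
        return str(addr)
    # fullmatch() leaves no room for spaces, quotes or shell metacharacters.
    if len(value) <= 253 and _HOSTNAME.fullmatch(value):
        return value.lower()
    raise ValueError("target must be an IP address or a hostname")

def build_ping_argv(value):
    """Build an argument vector; no shell ever parses the user's input."""
    # "--" ends option parsing, so the value cannot be read as a ping flag.
    return ["ping", "-c", "1", "-W", "2", "--", validate_target(value)]

def ping(value):
    """Send one echo request; True if the host answered."""
    proc = subprocess.run(build_ping_argv(value), capture_output=True,
                          timeout=5, check=False)
    return proc.returncode == 0
```

The two controls are independent: the allow-list rejects anything that is not an address or hostname, and the argument list keeps even an unexpected value from being interpreted by a shell.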

Download Tenable Network Security Podcast 115 (mp3)
