Tenable Network Security Podcast Episode 118 - "Detect jailbroken devices, mobile device concerns"

Announcements

• Predicting Attack Paths - Tenable has published a technical paper titled "Predicting Attack Paths." The paper describes how to leverage active and passive vulnerability discovery technology to identify in real time Internet-facing services, systems, and clients on your network which can be exploited in a variety of scenarios.
• Tech Tip: If you are running Nessus on Backtrack 5, consider using Google Chrome as your web browser. It runs Flash seamlessly and works great with Nessus. Firefox has some issues with Flash, and some people recommend the "Flashaid" extension.
• Tenable Network Security Certified as Approved Scanning Vendor (ASV) by PCI Security Standards Council.
• Available for download in the Tenable Support Portal: "The Tenable Event Correlation Paper."
• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The "Top Ten Things You Didn't Know About Nessus" videos have been posted from #10 through #2, so check them out!
• We're hiring! - Visit the Tenable website for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!

New & Notable Plugins

Nessus:

• Zenphoto viewer_size_image_saved Cookie Value eval() Call Remote PHP Code Execution - "In the file 'zp-core/zp-extensions/viewer_size_image.php' the value of the cookie 'viewer_size_image_saved' is not properly sanitized before being used in an 'eval()' call. This can allow arbitrary PHP code to be executed on the server."
• Tivoli Provisioning Manager Express for Software Distribution Multiple SQL Injections - These particular SQL injection bugs allow an attacker to compromise your Tivoli management server, which is a critical asset and likely contains information on all of your systems, and even allows you to install software on remote systems. Also, the fix is not so easy: "There is no replacement for Tivoli Provisioning Manager Express for Software Distribution. IBM recommends installing Tivoli Endpoint Manager for Lifecycle Management v8.1 or later."
• Microsoft Windows Startup Software Enumeration - Searches two registry keys and reports back the software contained in each key that will run at startup.

The plugins below are local patch checks for Cisco IOS devices:

• Cisco IOS Software Multicast Source Discovery Protocol Vulnerability
• Cisco IOS Software Network Address Translation Vulnerability
• Cisco IOS Software Command Authorization Bypass
• Cisco IOS Software RSVP Denial of Service Vulnerability
• Cisco IOS Software Smart Install Denial of Service Vulnerability
• Cisco IOS Software Reverse SSH Denial of Service Vulnerability
• Cisco IOS Software Zone-Based Firewall Vulnerabilities

• Apple jailbroken device detected

• Facebook app access

Stories

1. One lesson from Information Security World 2012 - Security is in trouble - A panel with Marcus Ranum, Chris Nickerson, and Alex Hutton, what could be better? The take-aways were security leaders don't have enough knowledge about the organization to make informed prioritization decisions, auditors should not determine priorities, management fights auditors instead of bad guys, there are lots of bears, and not enough smart people in the organization to be effective when it comes to security.
2. SSL Chain Cert Fun with Nessus - Neat article on how to update your certificate chain in Nessus so it recognizes your certificates and any SSL configurations with chained certs.
3. Mobile Device Management Top Concern - Mobile device vulnerability management is the top concern for security professionals. Ron Gula is quoted as saying "Mobile devices add an entirely new level of complexity to an organization, but security too often takes a back seat to convenience. Although the transient nature of mobile devices presents a unique challenge, organizations can achieve greater control by regularly scanning for vulnerabilities and monitoring the information that comes on and off their network." Now, some may take issue with how this comes to be the top concern. I'll admit, I think its a bit premature to think mobile devices pose that much of a threat. However, we're not talking about the "security" of mobile devices being the concern; its about vulnerability management and monitoring. Having spent a good amount of time traveling, I used my smartphone A LOT. I began thinking about how painful it was to use a first generation iPhone and how far we have come. At what point do many just stop carrying a laptop?
4. Curb Their Enthusiasm: CEO Optimism Can Be A Security Risk - This is one of the greatest quotes about security I've read in a long time: "…bad security decisions are made for the same reasons that other bad decisions get made: inability to predict the future, failure to foresee all the consequences of the decision, and a reliance on someone else who doesn’t live up to their end of the deal."
5. Lesson From Pwn2Own: Focus On Exploitability - "The speed that vulnerabilities could be exploited holds a lesson. While vulnerabilities that are actively being exploited should receive the highest priority for patching, the contest shows that the exploitability of a vulnerability -- not just the existence of an exploit -- should be considered as well." There is this notion that some people must see a system exploited in order to believe it presents risk. It's difficult to know which vulnerabilities are easy to exploit, and which ones are next to impossible. However, Nessus can help you find the systems for which an exploit exists, and no question you should be patching these first. But don't leave out all the other vulnerabilities, as there are people who can crank out an exploit for a given flaw rather quickly, and if you are not expecting it, it can be damaging when exploited.
6. FreePBX Exploit Phone Home - Some really neat stuff in here -- FreePBX exploit, using Nmap for privilege escalation, and more!