
Tenable Network Security Podcast - Episode 12

Welcome to the Tenable Network Security Podcast - Episode 12

Announcements

Interview: Marcus Carey - Dojocon/Dojosec

Marcus J. Carey supporting good causes like Hackers For Charity.


Marcus is the Director of Innovation at Saecur, an Information Assurance Architect, Inventor, Knowledge Transfer Expert, Mentor, and Speaker. He has created a monthly security briefing program called "Dojosec", and just recently launched the first yearly security conference to accompany the monthly briefings called "Dojocon".

Stories

  • Spammer How-To Guide Leaked! - Cyber criminals made an "oops" that allowed users to download manuals containing instructions on how to conduct spamming attacks. The information included "how they use SEO optimization to achieve top rankings on search engines, and how they trick CAPTCHA. You can learn how to use Xrumer and Hrefer, two ideal spamming tools."
  • The "Responsible Disclosure" Debate Continues - While the debate rages on between security researchers and vendors about what "Responsible" really means in this context, the fact remains that vulnerabilities are discovered, reported, and not patched. If you don't believe me, check out the ZDI initiatives pages of "upcoming advisories". It lists the vulnerabilities that have been reported, which vendor is responsible for the software, and how long it is taking to patch.
  • Microsoft Issues Advisory on Windows 7 Security Bug - A new bug in the SMB protocol has been uncovered by security researcher Laurent Gaffie. Proof of concept code has been posted and is known to cause a denial of service condition on Windows 7 systems. Microsoft has released an advisory and is working on a patch.
  • Good Social Engineering Article to Share With End Users - While attackers and penetration testers will use social engineering to break into your networks and access sensitive information, it's important for end users to be educated about these attacks. In the same way you raise awareness surrounding email phishing scams or the latest malware, it's important to raise awareness about social engineering. The examples in this article are well done, including this little story which highlights how "angry people" can slip past your defenses: "A good real world example of this is my buddy wanted to sneak some alcohol into an amusement park. The park has a guard station to check the bags and a wand to detect metal. My buddy started up a heated fight with his wife before they walked up and the guards just waved them by the checkpoint without checking or wanding them!"

Tenable Events

  • 2009 OWASP Application Security Conference in Washington, DC at the Walter E. Washington Convention Center on November 10-13th, 2009
  • Quote from our very own CEO: "I had a good time showing SC 3, SC 4 and Nessus 4.2 to folks at the OWASP conference last week. I really feel the combination of web app auditing with Nessus, web log monitoring with LCE and things like process accounting and MD5 checksum analysis of logs was much more than folks were expecting from Tenable at the show."

Download Tenable Network Security Podcast Episode 12