Tenable Network Security Podcast Episode 121 - "Enterprise Netstat, OS X Trojans"

Announcements

• Tenable Selected for DISA’s ACAS Vulnerability Management Solution
• Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials.
• We're hiring! - Visit the Tenable website for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!

New & Notable Plugins

Nessus:

• Netstat Active Connections - Active connections are enumerated via the 'netstat' command.
• SSL Resume With Different Cipher Issue - I just can't help but wonder how many times we can poke holes in SSL. The protocol does not breed much confidence, and I'm curious if we will ever see a replacement.
• Citrix XenServer vSwitch Controller < 2.0.0+build11349 Multiple Vulnerabilities - While VMware clearly has a lion's share of the market, there are several other virtulization vendors in the market. Whatever platform you choose, security has to be one of the top priorities as reliability and integrity of your virtualization platform is of the utmost importance.
• HP System Management Homepage < 7.0 Multiple Vulnerabilities - Not only did HP miss a CSRF vulnerability, but they bundled in a vulnerable version of Apache, PHP, and OpenSSL. This is unacceptable.A company this large, producing the amount of software they do, must have a better process for securing software.
• Mac OS X OSX/Sabpab Trojan Detection - Make sure you are running this plugin often against your OS X hosts. They could be infected with new variants or become re-infected from a Time Machine backup.

• IBM Tivoli Directory Server Web Administration Tool Unspecified XSS - More XSS in enterprise management applications.

Passive Vulnerability Scanner (PVS):

• Real Networks RealPlayer < 14.0.6.666 (Build 12.0.1.666) Multiple Vulnerabilities - Sometimes you just have to install select software to make something work. This is one such example, where a video won't play for a user, so they have to quickly install RealPlayer to make it work. Then they forget about it, and it's never kept up-to-date.
• TeamViewer detection - This software reminds me of PC Anywhere, or even better, GoToMyPC, all of which are just bad ideas. They work to bypass firewalls and give people access to their desktops. From a security perspective, this type of access has always led to risky situations, which are often taken advantage of by attackers.

SecurityCenter Report Templates:

• Nessus Enhanced Botnet Detection - "The sample above was cut from one of three chapters and depicts the successful progress towards the removal of malicious software, and related configuration changes, measured by repetitive Nessus scanning over time. After the sharp upwards trend caused by initial malware detection there is a healthy downwards trend."
• TeamViewer Detection - "This template was designed to report hosts and network locations that have been observed using TeamViewer. The sample above was cut from one of two chapters in the template and points to the physical network locations where TeamViewer was observed in use."

Stories

1. Three No-Nos When Interviewing For an InfoSec Job - Some really funny stories here, like the interviewee who was hacking into the wireless network!
2. USB drive uses voice recognition for increased security - I'm curious to see how (or if) this really works, a voice pattern to unlock your USB thumb drive. Very James Bond, but typically the security on these devices is bypassed some other way, getting around the "my voice is my password." Though, I've always wanted to say, "Hi, my name is Werner Brandes. My voice is my passport. Verify Me."
3. WordPress fixes file upload security problems - Wordpress is a scary place. If you must use it, make sure you have your own install, are hardening your PHP install, and using something like Mod_Security.
4. Firefox skirts Windows security feature to make silent updates happen - UAC bypass to install updates!
5. Monitor OS X LaunchAgents folders to help prevent malware attacks - There are a few different folders in OS X software will reside in to automatically start. This is a neat place to look and check the things that get placed here. Similar to the Windows registry keys.
6. 15-year-old arrested for hacking 259 companies - How bad is website security when a 15-year-old can hack over 200 companies?
7. XSS Shortening Cheatsheet « Neohapsis Labs - Pay attention to this if you are finding XSS and not able to exploit it or demonstrate it.
8. The Trouble with IPv6
9. Security Issues in IPv6 Transition