Tenable Network Security Podcast Episode 129 - "More RDP Vulnerabilities, Hacking Back?"

Announcements

• Tenable Network Security Reveals the Next Generation of Its SIEM Solution
• We're hiring! - Visit the Tenable website for more information about open positions.
• Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials.
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
• You can subscribe to the Tenable Network Security Podcast on iTunes!

New & Notable Plugins

Nessus

• MS12-036: Vulnerability in Remote Desktop Could Allow Remote Code Execution - I find it interesting that the first vulnerability came from TippingPoint's ZDI program, which listed it as a remote code execution. Now we have a second remote code execution in the same protocol. Organizations really need to get a handle on controls for this service, and if you're using it make certain it's configured properly and patched.
• Citrix Provisioning Services Unspecified Request Parsing Remote Code Execution (uncredentialed check) - The concept of providing virtual desktops and being able to roll them back to a "clean" state once the user logs off is useful. However, this is a case where software that helps you implement security contains vulnerabilities. This exploit comes from iDefense, and one released early this year came from TippingPoint.
• F5 Multiple Products Root Authentication Bypass - If you are running F5 products that are vulnerable, patch immediately. Turns out they all use the same private SSH key, giving attackers an easy way to gain access to them.
• Asterisk Remote Crash Vulnerability in Skinny Channel Driver - Note there are many products that embed Asterisk to provide VoIP functionality.
• iTunes < 10.6.3 Multiple Vulnerabilities (uncredentialed check) - Apple references this vulnerability with regards to both OS X and Windows platforms.
• PHP 5.3.x < 5.3.14 Multiple Vulnerabilities - Public exploit code is available.
• RuggedOS Web-Based Admin Interface Default Credentials - Coming off the heels of the Telnet backdoor, RuggedOS also uses a default password on the web management interface.

Passive Vulnerability Scanner

• Mozilla Thunderbird 12.x < 12 Multiple Vulnerabilities
• Mozilla SeaMonkey 2.x < 2.10 Multiple Vulnerabilities
• Mozilla Firefox 12.x < 12 Multiple Vulnerabilities

SecurityCenter Report Templates

• Chrome, Firefox, Opera and Safari (PVS) - This report template focuses on vulnerabilities discovered in four of the most popular cross-platform web browsers.

Compliance Checks

Nessus ProfessionalFeed and SecurityCenter customers can download compliance checks from the Tenable Support Portal.

Stories

1. Parsing Nessus CSV Reports with PowerShell - Nice article from our very own Carlos Perez!
2. Encoding malicious PDFs avoids detection - "After experimenting with the XDP format, he was able to create another file that fooled all 42 anti-virus engines used on VirusTotal." That's an excellent success rate, especially for such an easy technique. While Anti-Virus bypass has always been a hot topic, we always seem to make the recommendation that organizations still use Anti-Virus products, why is that?
3. Survey Says - Security Spending Going Up, Up, Up - "It's one thing to say that attackers are getting better all the time (true) and it's valid to say that organizational change that benefits security is hard, but at the same time if the budget dollars creates malinvestment, well that one is on our industry." The big question is, are we "malinvesting" or truly improving our security posture?
4. How Intelligence Makes You Vulnerable - "When people face an uncertain situation, they don’t carefully evaluate the information or look up relevant statistics. Instead, their decisions depend on a long list of mental shortcuts, which often lead them to make foolish decisions. These shortcuts aren’t a faster way of doing the math; they’re a way of skipping the math altogether." Math is hard, I get it. But seriously, what makes people so inclined to make foolish decisions? More importantly, how do we educate the workforce to be resiliant to these threats?
5. TippingPoint ZDI defectors launch new vulnerability buying program - "Exodus Intelligence will use the flaw buying program and information from internal research to create a 'vulnerability intelligence data feed.'” Does having access to information about 0-day exploits really help increase the security of your organization?
6. Google warns about 'state-sponsored' hack attacks - Very little information to go on, but my question is: Does knowing that an attack is state-sponsored change the way you defend against it?
7. Post-hack, companies fire back with their own attacks - "Attacking hackers isn't necessarily the most advisable course. By doing so, companies run the risk of having their efforts brought to light, and those that make the decision could face legal reprisal. Still, some might view it as one of the best ways to send a message back to hackers that they're willing to fight it out." If there's one thing you don't want, it's an arms race with the bad guys. Your organization has a goal, stick to that, and try not to get into a "fight" with the attackers, you will most certainly lose. I've presented on constructive ways to implement "hacking back," however, this article hints towards the more traditional sense of hacking back. Again, it could spell legal trouble for you or your organization. On the other hand, organizations seem to be losing.
8. Honeynet looks to trap USB malware - A neat implementation of USB that will capture malware transmitted through USB thumb drives. It's hard to believe that in this day and age we are still using USB thumb drives, however, sometimes it's the best way to get stuff from point A to point B.