
Tenable Network Security Podcast Episode 131 - "Botnet Hosts, Management from the Cloud"

Announcements

New & Notable Plugins

Nessus

  • Active Inbound Connection From Host Listed in Known Bot Database - Knowing whether one of your hosts is connecting to a known botnet member, or whether a known botnet member is connecting to it, is important information.
  • Cisco ASA 5500 Series DoS - I lost track of how many times I've been taunted with the words, "I'm gonna DoS your firewall!" Oh wait, that was just something I heard in the movies and on TV. Turns out it's a reality if you're using an ASA firewall configured with IPv6. I wonder just how many more vulnerabilities are going to crop up for IPv6 protocol stacks (we even see IPv4 vulnerabilities crop up now and again!).
  • Malicious Process Detection: Potentially Unwanted Software - Nessus now makes the distinction between malware and software that could be used for "evil" but has a chance of not being malicious (like Netcat).
  • MikroTik Winbox Less Than 5.17 File Download DoS - "An unauthenticated, remote attacker may make multiple requests to download a large file, resulting in the service becoming unresponsive." MikroTik makes some super cool hardware too, including fantastic wireless access points. They have their own operating system called RouterOS; however, this vulnerability is in a utility called Winbox that is used to configure the operating system.
  • Oracle iPlanet Web Server Between 7.0 and 7.0.15 Vulnerabilities - Looks like some XSS vulnerabilities and one bug called "Range Header DoS" are listed as "could not be reproduced."
  • Winamp Less Than 5.63 Vulnerabilities - Winamp is still going strong with all kinds of software products for media. Turns out they have some vulnerabilities that have been corrected.
  • ACDSee Pro Less Than 5.2 Memory Corruption Vulnerabilities - No, not the great classic rock band, the image editing application! They have patched four heap overflows, and something about being a long way to the top if you want to heap overflow.
  • HAProxy Trash Buffer Overflow Vulnerability - HAProxy is a load balancer, so you have to make sure this type of device is always patched, as even DoS vulnerabilities can be severe (though this one happens to be a buffer overflow). There are some mitigating circumstances: "It requires that the global.tune.bufsize option is set to a value greater than default and that header rewriting is configured."
  • Quagga Less Than 0.99.19 Vulnerabilities - For those that may not know: "Quagga is a routing software suite, providing implementations of OSPFv2, OSPFv3, RIP v1 and v2, RIPng and BGP-4 for Unix platforms, particularly FreeBSD, Linux, Solaris and NetBSD. Quagga is a fork of GNU Zebra which was developed by Kunihiro Ishiguro." We recently published quite a few plugins to detect vulnerabilities on this platform.

Passive Vulnerability Scanner

SecurityCenter Dashboards

Stories

  1. Users enraged by Cisco's cloudy 'upgrade' to Linksys routers - This comment from a user sums it up nicely: "I was actually really looking forward to the potential for the cloud apps on the 4500. What I see now is a serious deficiency in having to be forced to go through the cloud for basic router functionality. The interface is pretty but functionally inferior and slow to do edits with. Honestly, it is a real let down. But to restrict functionality and access to functions UNLESS signed into the cloud? No way Jose. Cisco, you are a hardware manufacturer, NOT my network administrator by proxy."
  2. Number of Serious Web Vulnerabilities Dropped in 2011 - My only question on this: if the data comes only from WhiteHat Security's customers, who care enough about security to hire their services, wouldn't it make sense that these vulnerabilities went down?
  3. Password Audit of a Domain Controller
  4. Open Security Research: Hack Tips: CiscoWorks Exploitation - Nice little article covering how to perform some post-exploitation steps on CiscoWorks, such as dumping out device configuration.
  5. Exploiting Windows 2008 Group Policy Preferences - Expanded
  6. BMC Remedy Password Descrambling - "The BMC Remedy application scrambles the users password with client side javascript on the login.jsp page."
  7. eHarmony Password Dump Analysis - Okay, I'm going to rant again about password length: "The most popular length of password was seven characters. Followed closely by six characters and eight characters. Expectedly, the percentages drop drastically as you go higher in length." 23% of the passwords were 7 characters, 0.5% were 14 characters.
