Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast Episode 142 - "Tivoli Endpoint Manager Support, Threat Intelligence"

Welcome to the Tenable Network Security Podcast Episode 142

Announcements

New & Notable Plugins

Nessus

Passive Vulnerability Scanner

Compliance Checks

Nessus ProfessionalFeed and SecurityCenter customers can download compliance checks from the Tenable Support Portal.

Stories

  1. Former LulzSec member pleads guilty to conspiracy in Sony Pictures hack - Guilty plea, likely because their leader, Sabu, acted as an informant for the FBI. Tough to win a case when the leader of your group is a rat. LulzSec seems to be no more, wonder what the name of the next hacking group will be...
  2. Rise In U.S. Hacker Attacks Against China - I want to know how you tell where the attacks are really originating from. With proxy servers and smarter malware, the origin of attack is sometimes a closely-guarded secret, unless you don't care about being caught, which means you're not doing anything anyone cares about.
  3. Security Monitoring An Elixir For Intrusion Costs? - This article talks about intelligence gathering, but spinning it around and learning more about the attackers. I often wonder how valuable this information is to your defenses.
  4. Master Keys - Apparently, it's pretty easy to make a key based on a picture, which in this case would be bad, very, very bad.
  5. Never Attribute to Malice, but Always Verify - I'm at odds with this statement: "Decisions on IT purchases or boycotts should be made on facts. Organizations should test technology for vulnerabilities and backdoors, which I would argue are just intentional vulnerabilities. If it passes the test, make the purchase." Is it up to you as the consumer to test stuff going on your network? If so, what level of testing? Shouldn't the vendor test their own stuff? When I buy a new car, I expect that everything works. Do I have to hire a mechanic to run through a brand-new car to make sure it's safe?
  6. Majority of SMBs Have No Security Policies or Contingency Plans - Educating small businesses needs to be an ongoing effort, and there needs to be more work done to create programs that will allow them to be more secure. Outsourcing is all most SMBs have in terms of a fighting chance for security.
  7. Security Manager's Journal: I hired a hacker - Hrm, sounds like some further planning could have made this an even better test. Scanning your external IP address space with Nessus would have likely uncovered the DNS problems, some application security may have uncovered SQL injection, two-factor authentication helps, and an end-user awareness training program will do you good. But, if you don't know where the gaps are, how do you plug them?
  8. Apple's Combined Patching - I don't like how Apple patches 197 security vulnerabilities and forces you to upgrade to the latest OS, which changes functionality such as maps and podcasts.