Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast Episode 146 - "Is AV Dead?, Auditing Firewalls"

Welcome to the Tenable Network Security Podcast Episode 146

Announcements

New & Notable Plugins

Nessus

Passive Vulnerability Scanner

Compliance Audit Checks

Stories

  • Hack.me – Build, Host & Share Vulnerable Web Application Code - Looks like a pretty neat free service to let you practice web application scanning. I cannot stress this enough, the best way to learn how to find web application vulnerabilities is just to dive in and do it. Practice makes (almost) perfect. While applications are very different, the techniques to find vulnerabilities only vary slightly.
  • Side-Channel Attack Steals Crypto Key from Co-Located Virtual Machines - Don't go running to pull all of your systems and applications out of the cloud just yet. This represents a highly-sophisticated attack at the moment, but one you should be aware of if you're using cloud services and/or virtualization, which at this point, is everyone.
  • Apple's iOS 6.0.1 still has Wi-Fi bugs - The real kicker here is that if you don't upgrade to 6.0.1, you'll miss out on security fixes. If you do upgrade, you may experience severe problems with your Wi-Fi. Try to be secure all you want, function will win over security every time.
  • Cisco TACACS+ Authentication Bypass - It's always fun to actually dig into the details of a given vulnerability to see what it's all about. If it's your job to evaluate risk of the vulnerabilities affecting your organization, you've got a heavy dose of reading to do on a regular basis. I dug into this one and found that if you're using TACACS+ in conjunction with LDAP on Cisco ACS platform, an attacker can do this: "…exploit this vulnerability by sending a special sequence of characters when prompted for the user password." That means there's a "magic" password. Any guesses as to what that value could be? 1-2-3-4 anyone?
  • Is AV Dead? - "I just think it's lazy developers." This is a very light-hearted look at the problem of AV software and a bit about malware. "The world isn't just black and white anymore. But it's all binary…"
  • One in four don't clean their stinky old browsers - especially Firefoxers - Keep in mind where the study comes from: "The statistics were drawn from the web usage patterns of 10 million randomly selected Kaspersky Lab consumer customers worldwide, collected during August 2012. The data from business customers does not feature in the study." Your job this holiday season is to convert grandma from Firefox to Chrome and teach her how to keep it updated...
  • Antivirus Firm Founder John McAfee Accused of Murder, Says He's Innocent - I couldn't not talk about this story, it's the headline of the week for sure. Seems like John is a pretty eccentric guy, and I'm not sure you can believe everything you hear about this story as the facts change daily. However, sounds like he has a chemistry hobby that got out of control...
  • A history of hacking: Documentary captures essence of Def Con - Can't wait to see this one, the culture of hackers always makes for great fun!
  • Microsoft Updates November 2012 - IE, Kernel+Shell, and .NET Critical Patches - Microsoft updates this week, as usual, get patching…All plugins for the vulnerabilities are in the plugin feed.

Related Posts

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security