Welcome to the Tenable Network Security Podcast - Episode 19
- A new blog post has been released titled "Microsoft Patch Tuesday - January 2010 - "Aged Cheese" Edition" and covers the latest patches released from Microsoft, in addition to some useful plugins to detect deprecated operating systems. Marcus Ranum also published an article titled, "Afterbytes with Marcus Ranum - Using A Dedicated PC For Online Banking".
- You can provide feedback to this podcast and all of our social media outlets by visiting our discussions forum and adding messages to the "Tenable Social Media" thread. I would love to hear your feedback, questions, comments, and suggestions!
- We're hiring! - Visit the web site for more information about open positions, there are currently 12 open positions listed!
- You can subscribe to the Tenable Network Security Podcast on iTunes!
- Tenable Tweets - You find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics, and more!
Interview: Jake Kouns
Jake Kouns is the co-founder and President of the Open Security Foundation which oversees the operations of the Open Source Vulnerability Database (OSVDB) and the Dataloss DB project.. Kouns' primary focus is to provide management oversight and define the strategic direction the project.
- AT&T Network Flaw With Scary Results - The Mixed Up Sessions - Imagine logging into your favorite social networking site, such as Facebook, and being presented with someone else's page. This happened recently to select AT&T customers who appear to have been victims to the problem cause by some serious networking issues at the provider. This is scary, at least for me, because no matter how careful you are with your data, it could end up in someone else's hands. When you put potentially sensitive information on Facebook, its unlike email which can be PGP encrypted.
- Multiple Media Player Quicktime Memory Corruption - A new unpatched flaw has been revealed in several applications, such as iTunes, that occurs when a specially crafted quicktime file is processed. Details and a proof of concept are available from the exploit database entry.
- New 0-Day Vulnerability in Internet Explorer 6, 7, and 8 - Reports are being made that the exploit for this vulnerability only works reliably on Internet Explorer 6. It has also been reported that this could have been the exploit used by Chinese attackers to compromise Google employees. This exploit will not work on IE version 8 as it enabled DEP by default, which for now, is thwarting successful exploitation.