Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast - Episode 25

Welcome to the Tenable Network Security Podcast - Episode 25



  • Detecting the TDSS/TDL3/Tidserv rootkit with Nessus (Login Required) - This is really great usage of an audit file! It searches the Windows registry for keys associated with the rootkits and alerts on it. This is the rootkit that was causing the "Blue Screen Of Death" problems when users applied some of the recent Microsoft patches. Nessus ProfessionalFeed customers can download the audit file and use it to detect this rootkit in your environment before applying the patches from Microsoft.
  • New Internet Explorer Vulnerability - This is perhaps one of my favorite vulnerability write-ups in a long time. First it states, "a user on the target system needs to be convinced to press the F1 key in response to a pop up dialog box on a specifically prepared website" and then goes on to say "As of now all users need to remember is to not press F1 when they are accessing websites." Can we just remove the F1 key from the keyboard?
  • SCADA Devices on Verizon and Other Wireless Networks - This is interesting, as I have been doing some of my own research in this area. Many SCADA security tactics rely on the so-called "air-gapped" network. This usually does not work out so well when stuff needs to actually talk to other stuff. So slowly they creep onto the network, but since the assumption is that it's "Air-gapped" no one really bothers to look for these devices on the network. Also, since it's a "harmless" embedded system people will assume that they do not have to secure it, so they leave default passwords. This is just a bad combination! Take time to secure everything in your environment and apply your security strategy to all systems, even the embedded ones.
  • GuestStealer Information Wrapup - This is a great summary post of all of the information surrounding the guest stealing vulnerability released at Shmoocon. Nessus was used to detect a directory traversal vulnerability that lead to multiple vulnerabilities in VMware systems that could allow an attacker access to download the entire collection of guest operating systems on the host. Nessus has new checks that look for this specific vulnerability as well.

Download Tenable Podcast Episode 25

Subscribe to the Tenable Blog

Try for Free Buy Now

Try Tenable.io Vulnerability Management


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.