Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast - Episode 29

Welcome to the Tenable Network Security Podcast - Episode 29

Announcements


Stories

  • Why I Use Firefox - At the recent "Pwn20wn" contest at CanSecWest security conference, a researcher known as "Nils" successfully exploited Mozilla Firefox 3.6.2, bypassing Windows operating system defenses such as ASLR and DEP. This is truly quite the accomplishment, and as the article states: a motivated attacker will find ways to bypass defenses. All browsers were exploited in the "Pwn20wn" contest, including Internet Explorer and Safari (but possibly not Chrome... we're still researching!). However, Mozilla has already fixed the bug that led to this vulnerability and released the patch. Both Microsoft and Apple are still "taking it into consideration". This is why I run Firefox; there is no such thing as a truly "secure" web browser, so I go with the one who can crank out patches the fastest.
  • The Most Depressing Post of the Week - WHID - The Web Hacking Incidents Database is a project run by OWASP in order to track incidents that have occurred as a result of web application attacks. The post linked here is a sample of some of the entries, which include stories such as, "A mentally ill woman exploited a loophole in D.C. tax office online systems to gain unauthorized access to taxpayer accounts."
  • Scraping Time Servers - HD Moore has published a Metasploit module that will execute a DoS attack using the NTP protocol, which can be initiated with a single packet. I first heard of the NTP work HD was doing on the Risky Business podcast. At a Security B-Sides event held along side the RSA conference HD presented his research into NTP. He figured out that there are some neat features built into NTP that are not associated with keeping time. The most useful are the ability to query an NTP server and receive a list of clients that are using it to keep time, in addition to any peers of the NTP server. This allows you to map and discover many hosts on the Internet. Very cool research!
  • Certified Pre-0wned - There have been several reports of devices shipping from the factory with malware installed on them . The latest is the "Energizer trojan", which infects systems, adds itself to the startup registry key, appears to contain Chinese-created software and sets up a listener on TCP port 7777. The lesson to learn here is that no matter how well your systems are protected, malware may find its way into your network. If you are not looking for it, this does not mean it will not exist. Simply relying on anti-virus software alone is a huge mistake, as there are many factors that contribute to the effectiveness of anti-virus software (such as keeping the software and definitions updated). Regular scans using a vulnerability scanner such as Nessus (which can detect several different kinds of malware) is a good measure to add to your overall security strategy.

Download Tenable Podcast Episode 29