Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast - Episode 30

Welcome to the Tenable Network Security Podcast - Episode 30



  • Don't Change Your Password - I have mixed feelings about this article. The security professional in me, with experience in implementing security in the trenches at several different corporations and universities, wants to shred it until it cries "uncle". Changing your password on a regular basis does have some benefit, doesn't it? I remember being on a penetration test and compromising an older server that contained a whole bunch of Windows password hashes (stored in LANMAN format, none the less). They were easy to crack because they were stored in an older format, but the problem was that they were old passwords. Fortunately, they had no password reset policy. And fortunately for me, one of the passwords I cracked belonged to a user in the domain admin group within the domain. So, as crazy as it sounds, changing passwords does help. On the flip side the argument is that changing passwords is too hard for users and takes too much time. In most cases I agree with this statement. I believe that IT departments need to make it easy for end-users to implement this security measure, which really only protects you from a dedicated attacker. Making users spend too much time implementing a defensive measure that has little impact doesn't make much business sense.

  • Escaping From the PDF - This is a really neat technique developed by Didier Stevens that uses the "/Launch" feature in a PDF to execute a command. Recently Didier figured out that Foxit released a patch, but that the Adobe exploit now worked in Foxit! Crazy stuff happening here and I'm wonder just what legitimate purpose the "/Launch" feature has in a PDF document! Why does a user need to launch an executable when reading a PDF document (or any document for that matter)?

  • Sun Solaris now on a Quarterly Patch Cycle - Is it enough? We see major companies (Microsoft, Cisco, Oracle, Adobe and others) whose software and hardware make up a large percentage of the install base across the globe, and patches are released monthly at best, sometimes quarterly, and bi-yearly if you are Cisco. If you're an evil bad guy, patch cycles that are driven by the vendor provide a nice window of exploitation. If you can find and exploit vulnerabilities before the vendor issues the patch, you're golden... that is, if you can get in and stay in without getting caught. Shortening this window of exploitation would prevent a lot of attacks. Of course we still have to get the organizations to apply the patches, but that's a whole different story.

  • Too Much Money Spent on Compliance - Frequency of an incident versus the level of damage are two factors that seem to never be taken into consideration properly. It's a tough call; the incidents that are least likely to occur can cause the most damage and have the most financial impact. The more frequently successful attacks are typically of low impact. For example, lots of malware is installed on computers that become part of a botnet and the malware doesn't even look at the data on the system. However, an attacker targeting your organization can do serious damage and maybe even collect sensitive information, take your network hostage, and leak trade secrets. This occurs less frequently than automated malware, but is far more damaging. Compliance seems to be a good guideline to help prevent automated malware, but does not go deep enough to protect against more serious threats.

  • Cisco WLAN Flaws & The Bigger Picture - Proprietary and usually embedded systems are often weak links when it comes to security. Cisco's implementation is no exception. Researchers have found that they are still using LEAP in some capacity and the management interfaces contain SNMP and web application flaws. An attacker could exploit these vulnerabilities to obtain encryption keys. I believe that wireless attacks are most beneficial to attackers, as it allows for an easier MiTM attack to take place because you can access all wireless clients in one fell swoop. Also, many devices, especially in the medical field, only use wireless where these types of attacks are especially useful. Everyone spends time to secure desktops and servers, but then ignore the embedded systems (which is a good example of this failure). What will happen when computing as a whole moves to using more embedded systems over the desktop? The researchers also state that the vulnerabilities were not as easy to find as using a standard Nessus scan. Remind me some time to tell you the story of a vulnerability I found on a wireless controller by doing an operating system fingerprint using Nmap.

Download Tenable Podcast Episode 30

Subscribe to the Tenable Blog

Try for Free Buy Now

Try Tenable.io Vulnerability Management


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.