Welcome to the Tenable Network Security Podcast - Episode 33
Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst
- Several new blog posts have been published this week, including:
- New Nessus training is now being offered at conferences! - The new course titled "Advanced Vulnerability Scanning Techniques Using Nessus" is now being offered at both Black Hat Las Vegas 2010 and BruCon 2010. It's a two-day course that will put students into a real-world environment where they will have to solve problems and identify vulnerabilities using the advanced features of the Nessus vulnerability scanner.
- Be certain to check out our video channel on YouTube that contains the latest Nessus tutorials.
- We're hiring! - Visit the web site for more information about open positions. There are currently 7 open positions listed, including a Digital/Web Strategy Coordinator.
- You can subscribe to the Tenable Network Security Podcast on iTunes!
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics and more!
- Why buffer overflow exploitation took so long to mature - I am a big believer in learning from history, otherwise you are doomed to repeat it. As we all know, buffer overflow exploitation is commonplace today, even bypassing some of the more advanced defenses against it such as ASLR and DEP. What troubles me is that there are all kinds of new attack tactics and methodologies that just haven't caught on yet (such as last week's network card firmware malware). Most people ignore these attacks until they are commonplace, but by then it's too late! Defenders need to start getting ahead of the curve, and as time goes on this is a heavy requirement for success in defending against the modern attacker.
- Privilege Escalation Without Exploits - This mini-tutorial shows you how to use Metasploit to use the SA account on MSSQL to escalate privileges to SYSTEM. There are two critical mistakes made in the system configuration. One, the cleartext SA password is left in an ASP script, and two, MSSQL is running as SYSTEM. This is a common method of privilege escalation that proves that system hardening should not be a lost art.
- ATM Rootkit to Appear at Blackhat - Barnaby Jack has done some testing with ATMs and found security vulnerabilities. He used to work for Juniper, who would not let him speak because the vendors had not patched the flaws. He now works for IOActive and they are happy to have him speak on the topic. A year has passed since being silenced, and he now has two working exploits for ATMs from different vendors. Jeff Moss has the best quote in the article: "Apparently you can make all the money come out".
- Little Snitch - Little Snitch is a neat little program for Mac OS X that tells you which applications are making outbound TCP/IP connections. I believe it's important for users to be aware of this behavior and understand why an application is making a connection. I will caution that this is not for the average user, but advanced users should run this tool and keep tabs on what applications are doing. There is so much software out there that we cannot analyze all of its behavior, but if we split up the workload and share information, we can seek out evil or Trojaned applications and cut the malicious behavior short.
- It Can Happen To Anyone - A well-executed phishing attack can be successful against even the most cautious users. It's scary to think that this is true, but it most certainly is. Even if you keep everything all patched and up-to-date, attackers are going after your credentials and the security of a web application is completely out of your control. For example, a persistent XSS attack is all I need to harvest user credentials on a web site (similar to the Apache breach last week).
- Phpnuke compromised! - As if PHP security wasn't difficult enough, a content management system called "phpnuke" had its web site compromised. It was discovered to be distributing malware via a hidden iFrame. Scary quote of the week: "The downloaded executable is detected by 12% of antivirus products, according to VirusTotal."