
Tenable Network Security Podcast - Episode 34

Welcome to the Tenable Network Security Podcast - Episode 34

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst



  • CVE Details - A nice view of the CVE data, with pretty graphs!
  • What's Hiding In Your Copier? - There seem to be many reasons why people are not jumping to fix security problems on embedded systems. First, they buy them, plug them in, and they work. Audits and regulations often do not apply to embedded systems such as printers/copiers/fax machines/scanners, which are often excluded from vulnerability scans to avoid problems. The main reason the problem persists is that, many times, people don't even know these devices are connected to the network.
  • Host Enumeration Via DHCP - This is a neat little Python script that sends out a DHCP discover and waits for responses. DHCP servers are more than happy to tell you information about the network, such as IP address information, DNS server IP addresses and more. This script can also be used to sniff out rogue DHCP servers.
  • Testing Your Anti-Virus Program - Someone recently posted a question on a mailing list stating that they wanted to run "Netcat" on a host and bypass the installed anti-virus software, preventing it from identifying "nc.exe" as malware. If you run anti-virus software in your environment, I think it's a good idea to test it. I recommend the following three methods to test your anti-virus software:
    • UPX - A packer used more for compression than bypassing anti-virus, but still works in some cases.
    • PE-Scrambler - Used in the "Defcon Race-To-Zero" competition where players were tasked with bypassing anti-virus software.
    • Metasploit Msfencode - Metasploit has many encoders that can be used to alter a binary program in an effort to evade detection.

    Using the methods above, you can test not only whether your anti-virus software is working properly but also how difficult it would be to bypass. You can also test between releases and updates to be certain the behavior has not changed. Finally, these tools will help you test how your defenses react when something does slip past anti-virus software. If the answer is "nothing", then you've got some work to do in order to build more defenses.

  • New Attack Bypasses Anti-Virus Software - This method uses the old "bait and switch" technique to bypass anti-virus software. It feeds a good binary to the A/V system, then when execution happens, swaps it out for the evil binary. Pretty neat stuff!

  • Car hackers can kill brakes, engine, and more - This story really scares me! I recently bought a new car. It's not brand new (2007) but has the totally keyless entry and ignition system. The best I can tell is that it uses RFID to sense when my key fob gets in proximity of the door, then the door opens. The ignition works the same way; if the key fob is in range I can push the button to start the car. It has become clear to me that cars are implementing a lot of technology, which means people are going to hack it. The security falls out of scope for most businesses, but what happens when attackers are hacking into cars and listening in on all conversations that happened in the car? Many of us conduct conference calls and talk about business and sensitive information. Of course, until an attacker can figure out how to make money off of hacking cars, I don't think we will see widespread adoption. When the time comes when taxi cab drivers are replaced by computers, someone will figure out how to hack it to get a free ride (and yes, I watch way too much science fiction).

  • Software Security Is The Problem - It may sound strange, but centralized control and management may just be what the doctor ordered to solve some of our software security problems. I went through this when I worked for a university. Most universities are very decentralized, and to a certain extent so are most corporations. This can be a double-edged sword. On the one hand, centralized management provides uniformity and control, and therefore vulnerabilities and exposures can be mitigated on a grand scale. However, having central control is more difficult because policies must satisfy the masses, not just one particular group. For example, maybe the finance department can handle a password change per week, but the general community would incur too much support and can only handle a 180-day password change. Now we're in management hell, things get complicated, and once we've complicated things, compromises usually follow. In the case of software security, I say we should create that central office. Let it create, support, and govern software for the government, and maybe, just maybe, we'll improve slightly.
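For the "Host Enumeration Via DHCP" item above, here is an added example (not the script mentioned in the episode) of the receiving side: it parses DHCP reply payloads to show what a server discloses and flags any responding server that is not on an allowlist. The function names, the allowlist and the documentation-range addresses are assumptions, and the sample offers are constructed rather than captured.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of DHCP options
AUTHORIZED = {"192.0.2.1"}                  # assumption: your site's real DHCP servers
IP_OPTIONS = {1: "netmask", 3: "routers", 6: "dns", 54: "server_id"}

def ip_list(raw):
    """Split an option value into dotted-quad strings (4 bytes each)."""
    return [socket.inet_ntoa(raw[i:i + 4]) for i in range(0, len(raw) - 3, 4)]

def parse_reply(pkt):
    """Parse a BOOTREPLY payload (UDP data) into the fields a DHCP server discloses."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP reply")
    info = {"xid": struct.unpack("!I", pkt[4:8])[0],
            "offered_ip": socket.inet_ntoa(pkt[16:20])}
    i = 240
    while i < len(pkt) and pkt[i] != 255:   # 255 = end option
        if pkt[i] == 0:                     # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, length = pkt[i], pkt[i + 1]
        value = pkt[i + 2:i + 2 + length]
        if code == 53 and length == 1:
            info["msg_type"] = value[0]     # 2 = DHCPOFFER
        elif code in IP_OPTIONS:
            info[IP_OPTIONS[code]] = ip_list(value)
        i += 2 + length
    return info

def rogue_servers(replies, authorized=AUTHORIZED):
    """Return server identifiers that answered but are not on the allowlist."""
    seen = {s for r in replies for s in r.get("server_id", ["unknown"])}
    return sorted(seen - set(authorized))

def sample_offer(server, dns):
    """Constructed DHCPOFFER payload for offline testing (not captured traffic)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234ABCD, 0, 0,
                      bytes(4), socket.inet_aton("192.0.2.50"),
                      socket.inet_aton(server), bytes(4), bytes(16), bytes(64), bytes(128))
    opts = (b"\x35\x01\x02" + b"\x36\x04" + socket.inet_aton(server)
            + b"\x03\x04" + socket.inet_aton(server)
            + b"\x06" + bytes([4 * len(dns)]) + b"".join(map(socket.inet_aton, dns))
            + b"\x00\xff")
    return hdr + MAGIC_COOKIE + opts

if __name__ == "__main__":
    offers = [parse_reply(sample_offer(s, [s])) for s in ("192.0.2.1", "198.51.100.66")]
    print(offers, "unauthorized DHCP servers:", rogue_servers(offers))
```

Feed `parse_reply` the UDP payload of each reply seen on port 68 of a network you administer; any entry returned by `rogue_servers` is a DHCP server you did not expect to answer.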

Download Tenable Podcast Episode 34
