Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast - Episode 37

Welcome to the Tenable Network Security Podcast - Episode 37

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements



Ron Gula - Cisco Configuration Audits

Stories

  • Attack Of The Credit Card Cloners - While phishing attacks from the comfort of your own home (or parents' basement, as the case may be) are well-known and used, sometimes you just have to go to the source. Attackers know that retailers are handling consumers' credit cards and swiping them at every moment. New devices are implanted in the network and used to steal the credit card information, then transmit the data over a modified cell phone over GSM using SMS. Pretty sweet! It is difficult to detect the GSM data transfers, but certainly not impossible.
  • Adobe Flash 0-day! - Flash has become something as common as a web browser. I mean, what is a browser if it can't view YouTube or Hulu? Therefore, attackers are all over Flash, finding flaws and exploiting it just like it was Internet Explorer itself. I use a Firefox plugin called "Flashblocker" which I feel helps give time to decide if I want to run Flash on a particular web site.
  • Commoditizing Penetration Testing? - I really like how this post defines what a commodity is: something that is the same no matter where it is produced, like paper. You don't want your pen test to be like paper; penetration testing is more dynamic and custom. If you commoditize it, you may end up with a report that is about as useful as a blank piece of paper.
  • Smartphones, Apps and Malware - I believe there will come a time when the smartphone is just as bad as the desktop in terms of viruses. As we put more functionality on these devices and phones, attackers will take notice and use them for evil. When we start doing more banking, paying for goods from our phones, starting our cars, etc... the smartphone will become even more of a target. I don't see the botnet model being brought to smartphones, but I do see malicious apps working their way into the ecosystem to spy on people and steal information. Its just a way of life, so how do we deal with it? Clearly anti-virus is not the answer, and unfortunately I don't have many good answers to the problem.
  • Zone-H Defacement Statistics Report for Q1 2010 - Web defacements go beyond web application vulnerabilities! I am glad this study backs this statement up. It's something that I have been telling people for years. A friend of mine, who teaches some popular courses in web application security, told me a long time ago that one of the first things to test in a web application assessment is the security of the platform. If an attacker can gain a shell via a hole in Apache or weak SSH credentials, then it's game over! It's important not to have tunnel vision when attacking (and securing) your web applications.
  • Top 10 Things You May Not Know About Tcpdump - Tcpdump is one of my favorite tools for troubleshooting, packet analysis, and incident response (among other things!). Take the time to learn the command line version as you can run it just about anywhere, and once you get good with it you will be able to troubleshoot problems very quickly!

Download Tenable Podcast Episode 37