Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Tenable Network Security Podcast - Episode 41

Welcome to the Tenable Network Security Podcast - Episode 41

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements


Stories

  • Social Security Number Format - Some interesting information about the Social Security number. I think it's important for us, meaning security professionals, to understand how the number is used, formatted, and what the numbers mean. For example, the first three digits of the SSN indicate in which state your card was issued (for the most part) and the last four are used for many things, so deductive reasoning and some guessing could lead to your SSN being "cracked".
  • CiscoWorks TFTP directory traversal exploit - This is a good example why you should take the vendor's description and impact of a vulnerability with a grain of salt (or maybe a whole box of salt). Cisco says, "A successful exploitation of this vulnerability may allow an attacker unauthorized access to view or modify application and host operating system files. Modification of some system files could result in a denial of service condition." The blog post linked to above tells a different story, and shows how to remotely upload files to gain remote command execution. If this is your CiscoWorks server, it means the attacker can control the devices on your network that are reporting to it, including obtaining management keys (SSH/Telnet/SNMP).
  • Stored XSS Vulnerability on YouTube - Stored XSS (or persistent XSS) is worrisome for a few, ignored by many, and deadly for attackers. The ability to execute code in someone's browser in the context of a site they "trust" is very powerful. Dave Kennedy has developed some code that allows you to include a Java applet that runs executables on a person's system and finds it very successful when penetration testing.
  • Tabnapping Attack On The Increase - This is a really neat attack that takes advantage of tabs in most browsers. Tabs are awesome, but in this case are being used against the user, mostly to steal credentials.
  • Stego beats NSA detection - Pretty neat story of Russian spies getting caught (I mean, anything with Russian spies is fun stuff ala James Bond!). Turns out they were using information hidden in images (steganography) to hide information.
  • Adobe's protection against embedded scripts incomplete - Apparently double quotes can be used to bypass the checks put in place by Adobe to prevent script execution.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training