Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast - Episode 44

Welcome to the Tenable Network Security Podcast - Episode 44

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements


Stories

  • More Badge Hacking Fun! - Dennis Brown had some fun with the Ninja Party badges, which all used ZigBee with little authentication, meaning you could change player levels and messages on other people's badges.
  • GSM Catcher gets a run at Defcon - I saw a Tweet this weekend that describes GSM as Telnet and 3G as SSH. This is pretty scary as GSM is still in widespread use.
  • VxWorks Vulnerability Details Released - VxWorks is a very popular embedded operating system. Vulnerabilities were recently discovered that allow a remote attacker to read memory from a device over a UDP port. This also allows you to gain access to the device and trivially crack the password hash that uses proprietary encryption (which is a no-no). I also found this to be the scariest part: "it became obvious that an unknown party had already spent most of 2006 scanning for this service". While we all hem and haw about disclosure, I've always had a sneaking suspicion that the real bad guys are one step ahead of us, and in this case they were about four years ahead.
  • Malware for Nintendo DS and Wii - Researchers demonstrated how they could upload code into these devices and then in turn cause them to attack the network. Most people don't think about their gaming console getting a "virus", but I am glad someone is doing this research and publishing it because I've always speculated about this attack vector.
  • Android Rootkit - Really cool use cases, like reading all phone history and text messages, make calls on the phone without the user knowing (e.g. 900 numbers). The rootkit is a Linux kernel module that can hide its presence.
  • Marcus Ranum: Be Serious About "Cybersecurity" - Pretty neat interview with Marcus covering a lot of different topics. One thing that bothers me though is the two-factor authentication and using to protect endpoints. I think if the endpoint is compromised, it doesn't matter how many factors of authentication you have: your data is compromised. Since I can compromise an endpoint and gain direct access to memory, the network traffic, and keyboard strokes it means I can bypass all the security you have in place.

Download Tenable Podcast Episode 44

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io Vulnerability Management

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.