Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast - Episode 44

Welcome to the Tenable Network Security Podcast - Episode 44

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements


Stories

  • More Badge Hacking Fun! - Dennis Brown had some fun with the Ninja Party badges, which all used ZigBee with little authentication, meaning you could change player levels and messages on other people's badges.
  • GSM Catcher gets a run at Defcon - I saw a Tweet this weekend that describes GSM as Telnet and 3G as SSH. This is pretty scary as GSM is still in widespread use.
  • VxWorks Vulnerability Details Released - VxWorks is a very popular embedded operating system. Vulnerabilities were recently discovered that allow a remote attacker to read memory from a device over a UDP port. This also allows you to gain access to the device and trivially crack the password hash that uses proprietary encryption (which is a no-no). I also found this to be the scariest part: "it became obvious that an unknown party had already spent most of 2006 scanning for this service". While we all hem and haw about disclosure, I've always had a sneaking suspicion that the real bad guys are one step ahead of us, and in this case they were about four years ahead.
  • Malware for Nintendo DS and Wii - Researchers demonstrated how they could upload code into these devices and then in turn cause them to attack the network. Most people don't think about their gaming console getting a "virus", but I am glad someone is doing this research and publishing it because I've always speculated about this attack vector.
  • Android Rootkit - Really cool use cases, like reading all phone history and text messages, make calls on the phone without the user knowing (e.g. 900 numbers). The rootkit is a Linux kernel module that can hide its presence.
  • Marcus Ranum: Be Serious About "Cybersecurity" - Pretty neat interview with Marcus covering a lot of different topics. One thing that bothers me though is the two-factor authentication and using to protect endpoints. I think if the endpoint is compromised, it doesn't matter how many factors of authentication you have: your data is compromised. Since I can compromise an endpoint and gain direct access to memory, the network traffic, and keyboard strokes it means I can bypass all the security you have in place.

Related Posts

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.