Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast - Episode 45

Welcome to the Tenable Network Security Podcast - Episode 45

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements


Stories

  • Crack The Hashes! - There are several tools available to crack hashes, including John The Ripper and Ophcrack. This new tool called "Hashcat" looks really nice! It's able to crack multiple hashes (MD5, SHA, MySQL, NTLM, etc.), is multi-threaded, and claims a high rate of password cracking. I think it's important to note that someone could easily buy a fast server "in the cloud" and use this software to crack lots of passwords, lowing the time and cost associated with password cracking. This should cause you to implement more and better defenses than just an MD5 hashes password protecting your database. Don't forget to check out oclHashcat which uses graphics cards' CPU to crack the passwords!
  • Tinkering With Registry Allows LNK Patch to install on XP SP2 - Neat little trick! Of course, you could just install SP3...
  • Windows Kernel Bug 0-Day - Exploitable? - I tend not to base my risk decision too much on the "exploitability" factor. The truth is there could be people out there with the knowledge and skills to exploit a vulnerability that most are saying is next to impossible to exploit. Also, maybe they are just stringing us along and really do have a working exploit. In any case, if there is a bug or vulnerability, it should be patched. If patches break things, well, you should test them first. If you run software that is easily broken by a patch, then you should buy new software because there is a greater risk (and cost) of running bad software to run your business then there is that it will be exploited.
  • "Smartphone Security" - First, what the heck is a smart phone? I heard someone ask the question earlier today, and I began to think about that it really was. At the end of the day, a smartphone a computer with a cell phone built-in. I mean, its clunky to carry around a laptop and hold it to your ear to talk, so they just made them smaller. In all facets, it's just a small computer. In that sense, it should come as no surprise that it will be attacked just like your computer. Chris Wysopal stated that smartphones are now at the point the PC was in 1999. Amen brother, this is just the beginning.
  • Auditing your Kiosks - iKat is a great tool to audit your Internet terminals and Kiosks. It's a web site that you browse to when using a kiosk and provides several different ways to break-out of the kiosk environment and get to the operating system. The new version adds some features, such as newer exploits, Silverlight, and an "emo-kiosking" which crashes the kiosk in an attempt to break out. I suggest that organizations use this tool in your lab to test how difficult (or easy) it would be for someone to walk up to one of these machines and install malware on it or use it to attack the rest of the network.
  • Fuzzing Barcode Readers With LED - This is so cool: "The LED is turned on for sections of the barcode that should be white (this simulates reflected light), and off for black sections of the barcode (very little reflected light)." It could be a really neat kind of attack if you could create a barcode that were to inject malicious code into the system. You could create barcodes and stick them anywhere, hoping to get your code to run!

Related Posts

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.