Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast - Episode 50

Welcome to the Tenable Network Security Podcast - Episode 50

Announcements


Stories

  • Hexinject - Packet Injection Tool - I think it's really interesting to see what can be injected into packets, such as turning ARP requests into ARP responses! The potential attack vectors are numerous.
  • Apple Secret "wispr" Request - I find it neat when a particular device sends out a default "phone home" or other kind of probe on a wireless network. This leaves it vulnerable to all sorts of attacks and there are many researchers working on a way to exploit this one.
  • Accton Switches Backdoor - Vendor Response - Here we go again, a gaping security hole put into a product in the name of user friendliness. I think this is a lame excuse. If your product is well designed and documented, you should not have to put a security hole in it to make it usable.
  • Security is so much better than 10 years ago... - Someone obviously got the wrong idea about measuring security. There is a difference between local and global incidents, and just because we haven't seen something like the "ILOVEYOU" virus in the last ten years doesn't mean security is getting better. It begs the question, is security getting better, worse, or is that question just oversimplifying everything?
  • Bear in the woods or prairie dog in the forest? - I like going through these analogies; it's fun because not only do we get to talk about all kinds of animals, but it helps us understand the right things to do. The prairie dog allows smaller animals to take refuge in their homes, giving them protection from predators. Starving the predators (or attackers) is a good analogy as we don't want to keep feeding the bad guys and let them get more powerful.
  • Five Ways To Stop Mass SQL Injection Attacks - While I think these steps are a good start when addressing SQL injection, they don't address the real problem: that people aren't doing these things in order to stop attacks! Developers do not always validate input and organizations do not always implement security controls around their web applications and databases.
  • upSploit Advisory Management - This is a very cool "automated" system for managing the vulnerability disclosure process. I thought it was nice for those that find vulnerabilities, create exploits for them, and just sit on them because a vendor is unresponsive. Usually these are low impact vulnerabilities, and I think this system will work well in that scenario.

Download Tenable Podcast Episode 50