Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast - Episode 60

Welcome to the Tenable Network Security Podcast - Episode 60

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements

Stories

  • SSL: the sites which don't want to protect their users - With it being "Cyber Monday", I thought this post was timely.
  • Whacking Moles - It's neat that defenders still like to play the process "whacking" game, even though you can execute everything in memory using an already existing process. It does make for fun command line kung fu though, which I still think is handy if you are a systems administrator.
  • Windows "0-Day" Flaw Bypasses UAC - There are many users who believe either one of two things about UAC: 1) "Wow, this really helps me be secure!" or 2) "Wow, this is annoying, turning it off now". In either case, the user is in a bad situation. Believing that something can keep you secure often leads to a quick downfall.
  • You're Only As Secure As Your DNS Servers - As Secunia found out, you should have some pretty tight security around your DNS server, especially if you run a service where users can scan their PCs for outdated software. Wow, wouldn't that be a neat database for an attacker to get their hands on!
  • Apple iOS Networking Packet Filter Rule Invalid Pointer Access Local Privilege Escalation - Remote attacks against iPhones would be bad as they are easy to identify on the network. You could even target just AT&T address space.
  • ZeuS variant only infects super-fast PCs - Malware authors are looking to evade detection and analysis, rather than just harness computing power. Even a bunch of slow PCs can do a lot of "evil bidding".

Download Tenable Podcast Episode 60