
Tenable Network Security Podcast - Episode 64

Welcome to the Tenable Network Security Podcast - Episode 64

Hosts: Paul Asadoorian, Product Evangelist, and Ron Gula, CEO/CTO



  • A router that runs the Tor software prevents Web tracking - While off-loading your Tor traffic routing and encryption to your home router may sound appealing, Tor comes with its own set of caveats. For example, how can you be certain the Tor exit node you are using is not operated by someone with malicious intent? For general web browsing it can be problematic, as the exit node you go through may be in another country with restrictions on content that can be viewed. Tor does a great job of providing anonymity, but use caution when sending your data over this network as someone could be listening.
  • Breaking GSM Using a $15 Phone - This is the same thing as Wi-Fi. In the beginning, it was really expensive to eavesdrop on Wi-Fi, so people implemented no security. Then more people sniffed Wi-Fi, so they came up with WEP. WEP was easily broken, and the cost of Wi-Fi sniffing plummeted, so they came up with WPA. The problem is that people still THINK Wi-Fi is secure when it's really not. GSM seems to be going through a very similar evolution.
  • Wikileaks Targets - Interesting little rumbling of Wikileaks having information on Bank of America. Recent reports are stating this is not untrue. My fear is that even speculation could be damaging.
  • thicknet: starting wars and funny hats - This has to be one of the best blog posts I've read in quite some time (aside from any of Ron's posts, of course). The concept is pretty simple; it's like you're cutting in at a dance and stealing the homecoming queen, but with technology. Using TCP, some Perl scripts and MiTM, you can steal sessions and do whatever you want with them. Why wait for sensitive data to be passed? Just steal the session, send a query/request for sensitive data, and be done. I really love this technique.
  • 2011 Predictions - This section left blank intentionally. No, seriously, as a general rule of thumb I don't make predictions. They tend to be not based on fact and not really all that helpful. It is fun to speculate, but take it for what it's worth: speculation. However, we can tell you about some of the things that Tenable is working on for 2011.

Download Tenable Podcast Episode 64
