Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast - Episode 71

Welcome to the Tenable Network Security Podcast - Episode 71

Hosts: Paul Asadoorian, Product Evangelist and Carlos Perez, Lead Vulnerability Researcher

Announcements

Stories

  • Security vulnerabilities galore in social networks - A new web site, www.socialnetworksecurity.org, has been created to document the ever increasing vulnerabilities present in popular social networking sites such as Facebook. It seems that many sites, as it will come to no great suprise, are vulnerable to things like XSS. I believe it's the nature of the beast, so many of these web sites are in a race to add features and functionality, and it's too time consuming for them to properly identify security vulnerabilities as they go along. I do hope that big web sites take a step back from the fast and furious pace and start to implement security, before they get too far down a path and end up with a site that requires a major overhaul to be "secure".


  • inSSIDer 2 - Neat little wireless tool - Remember the days of NetStumbler? Those were fun, I know! Since then though many of the original wireless tools have not been kept up-to-date to support Windows 7 and 64-bit. Enter inSSIDer: it works with XP, Vista, and 7 (32 and 64-bit) and claims to use the native WiFi API to find wireless networks in your area and let you sort them or even correlate them with a GPS.

  • Meet hacker's new best friends, Anti-virus and Firewalls - Turns out anti-virus software and firewalls have vulnerabilities too! How worried should you be about them though? It's an interesting question that begs debate.

  • Monitoring Your Database - I find that so many environments ignore databases as a source for security information. If you really think about it, you should start implementing security at the database level because, well, that's where we keep the information. GreenSQL makes a free product for you to try out and you can use Tenable's enterprise tools to monitor and scan your databases and database systems.

  • Good Tip on Snort DAQ - With Snort 2.9 came DAQ, or Data Acquisition Library, which abstracts the system calls to "get packets" into a self-contained library that supports PCAP and several other methods. For those running Snort, be warned: it requires some tuning and special attention, and some of the details are highlighted in this article.

  • SSDs are Tougher to Erase Securely - It sounds silly, but you should have a method of physically erasing data, e.g. sledgehammer, fire, shotgun, whatever your favorite weapon of destruction happens to be. Maybe shredders need to have slots now for USB thumb drives.

Related Posts

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.