Welcome to the Tenable Network Security Podcast - Episode 73
Hosts: Paul Asadoorian, Product Evangelist; Carlos Perez, Lead Vulnerability Researcher; and Ron Gula, Tenable CEO/CTO
- Several new blog posts have been published this week, including:
- Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials.
- We're hiring! - Visit the Tenable web site for more information about open positions.
- You can subscribe to the Tenable Network Security Podcast on iTunes!
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more!
- Outbound SSH Traffic from HP Blade Servers - In this case it appears to be a bug, but what if it wasn't? I believe we need to keep close tabs on network connections in our environment. I'm a huge fan of NetFlow analysis, largely because if you are attacking anything on the network, you need to make a connection. It's a difficult thing to get around (provided you do not have physical access to a medium that is not being monitored, such as 3G or some other wireless protocol). Also, it raises a scary situation where devices are pre-owned, meaning that during the manufacturing process attackers placed backdoors on the systems. Network monitoring can help identify these channels. For example, you should be able to spot your networking gear's management interfaces attempting to make connections out to the Internet.
- Microsoft Internet Explorer Lets Remote Users Spoof the Address Bar - Quite a few years ago I was researching this type of vulnerability. It largely goes unnoticed, as we tend to pay attention to remote exploits, XSS and SQL injection. However, tricking the end-user can be very profitable (in more ways than one) for attackers. Presenting a web site that appears to go to a site that would be trusted by the user, such as Google, is a very powerful feature. The research I was doing pointed out several different flaws in popular browsers that allowed attackers to spoof the address and status bars. The vulnerability referenced here, according to the article, does not have a patch.
- pwn2own Competition Will Be Harder Due to Patch Release for WebKit - The "pwn2own" competition always brings out some fun vulnerabilities and exploits. On one hand though, it does influence some people to find vulnerabilities, hold on to them (i.e. not tell the vendor), and then release them at CanSecWest. However, that is a showcasing of skills to find and maintain a vulnerability for a long period of time, and shows that vendors aren't doing the best job they can in finding flaws in their own software. Apple's WebKit, the browser engine that powers Safari and iTunes, typically falls victim during the contest, and likely will again even though they've patched.
- Every Windows Security Event Log Documented - It's one thing to collect logs, but it's another to know what they actually mean. This post will help you better understand your Windows event logs using old-fashioned documentation. Let's get back to basics and start reading, and understand what our systems are doing rather than relying on magic or spiritual rituals.
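
The flow-monitoring check described in the HP blade server item above (management interfaces connecting out to the Internet) can be sketched as follows. This is an added example, not code from the podcast or from Tenable; the management subnet, the internal ranges, the `mgmt_outbound` helper and the flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: address ranges the site treats as internal (RFC 1918 here).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: subnet holding blade/switch management interfaces.
MGMT_NETS = [ipaddress.ip_network("10.10.250.0/24")]

# Constructed flow records: (src, dst, dst_port, proto, bytes).
# External addresses come from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = [
    ("10.10.250.11", "203.0.113.40", 22, "tcp", 4200),   # mgmt -> outside, SSH
    ("10.10.250.11", "203.0.113.40", 22, "tcp", 3900),   # same pair again
    ("10.10.250.12", "10.10.1.5", 514, "udp", 800),      # mgmt -> internal syslog
    ("10.20.3.7", "198.51.100.9", 443, "tcp", 15000),    # workstation -> outside
    ("10.10.250.13", "198.51.100.77", 123, "udp", 90),   # mgmt -> outside, NTP
]

def _in_any(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)

def mgmt_outbound(flows, allowed=frozenset()):
    """Summarise flows from management interfaces to non-internal addresses.

    `allowed` holds (dst, port) pairs that are approved, e.g. a vendor
    support endpoint. Returns a list of dicts sorted by total bytes.
    """
    totals = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for src, dst, port, proto, nbytes in flows:
        if not _in_any(src, MGMT_NETS):
            continue          # only management interfaces are in scope
        if _in_any(dst, INTERNAL_NETS) or (dst, port) in allowed:
            continue          # internal or explicitly approved destination
        key = (src, dst, port, proto)
        totals[key]["flows"] += 1
        totals[key]["bytes"] += nbytes
    rows = [dict(zip(("src", "dst", "port", "proto"), k), **v)
            for k, v in totals.items()]
    return sorted(rows, key=lambda r: r["bytes"], reverse=True)

if __name__ == "__main__":
    for row in mgmt_outbound(SAMPLE_FLOWS):
        print(row)
```

Grouping by source, destination and port makes a repeated connection from the same management interface stand out as one row with a flow count, rather than as scattered individual records.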