Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast - Episode 73

Welcome to the Tenable Network Security Podcast - Episode 73

Hosts: Paul Asadoorian, Product Evangelist, Carlos Perez, Lead Vulnerability Researcher and Ron Gula, Tenable CEO/CTO

Announcements

Stories

  • Outbound SSH Traffic from HP Blade Servers - In this case it appears to be a bug, but what if it wasn't? I believe we need to keep close tabs on network connections in our environment. I'm a huge fan of Netflow analysis, largely because if you are attacking anything on the network, you need to make a connection. It's a difficult thing to get around (provided you do not have physical access to a medium that is not being monitored, such as 3G or some other wireless protocol). Also, it raises a scary situation where devices are pre-owned, meaning that during the manufacturing process attackers placed backdoors on the systems. Network monitoring can help identify these channels. For example, you should be able to spot your networking gear's management interfaces attempting to make connections out to the Internet.

  • Microsoft Internet Explorer Lets Remote Users Spoof the Address Bar - Quite a few years ago I was researching this type of vulnerability. It largely goes unnoticed, as we tend to pay attention to remote exploits, XSS and SQL injection. However, tricking the end-user can be very profitable (in more ways than one) by attackers. Presenting a web site that appears to go to a site that would be trusted by the user, such as Google, is a very powerful feature. The research I was doing pointed out several different flaws in popular browsers that allowed attackers to spoof the address and status bars. The vulnerability referenced here, according to the article, does not have a patch.

  • pwn2own Competition Will Be Harder Due to Patch Release for WebKit - The "pwn2own" competition always brings out some fun vulnerabilities and exploits. On one hand though, it does influence some people to find vulnerabilities, hold on to them (i.e. not tell the vendor), and then release them at CanSecWest. However, that is a showcasing of skills to find and maintain a vulnerability for a long period of time, and shows that vendors aren't doing the best job they can in finding flaws in their own software. Apple's WebKit, the browser engine that powers Safari and iTunes, typically falls victim during the contest, and likely will again even though they've patched.

  • Every Windows Security Event Log Documented - It's one thing to collect logs, but it's another to know what they actually mean. This post will help you better understand your Windows event logs using old-fashioned documentation. Let's get back to basics and start reading, and understand what our systems are doing rather than relying on magic or spiritual rituals.

  • Facebook Scam! BTW, follow us on Facebook - The whole Facebook thing is really funny. Facebook just keeps growing, and as it grows it breeds all new scams. This scam tries to lure you in by promising a video of a man who took a picture of his face every day for 8 years. Sounds interesting, but really just delivers you some malicious JavaScript. Oh, you can follow us on Facebook too, if you dare! Despite the dangers, people will still use Facebook! It happens at least a few times a month: one of my friends or family members sends out the message "please don't click any links from me, I got a virus". You can tell people, "don't use it", but chances are no one will listen, including your employees. I encourage all of us to use Facebook, and help come up with usable and creative ways of using it safely.

Download Tenable Podcast Episode 73