Welcome to the Tenable Network Security Podcast - Episode 74
Hosts: Paul Asadoorian, Product Evangelist, Carlos Perez, Lead Vulnerability Researcher and Ron Gula, Tenable CEO/CTO
- Several new blog posts have been published this week, including:
- Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials.
- We're hiring! - Visit the Tenable web site for more information about open positions.
- You can subscribe to the Tenable Network Security Podcast on iTunes!
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more!
- Penetration Testing Execution Standard - A group has been formed to define what a penetration test really is and means. Several standards and compliance documents reference a "penetration test", but yet no one has really taken the time to define it. Carlos and I are involved with this effort, myself on the vulnerability scanning portion and Carlos on the post-exploitation side.
- Analyzing PDF exploits for finding payloads used - If you are defending a network, you should read up on analyzing malicious PDFs, as they are likely being sent to your users.
- Mid-Atlantic Collegiate Cyber Defense Competition (CCDC) - This was a fantastic event, thanks to all who participated!
- With hacking, music can take control of your car - I've always pondered the use of music files and images as a way to take over a system. It happens so naturally; people play music and view images all the time, so what if there were a malicious payload inside? It's a difficult thing to defend against. For example, how do you check a music file that will be played in your car for viruses? Anti-virus software for your car?
- Router-rooting malware pwns Linux-based network devices - First off, this is a password attack. Second, malware for Linux-based routers is not new (i.e. "Chuck Norris worm"), but still remains a threat for which we have little defense against. Still, to this day, people do not often consider vulnerabilities on embedded systems to be a big enough problem to pay attention to. However, if an attacker can compromise the router or access point, they can manipulate all of the traffic flowing through it.
- Making sport of browser security, hackers topple IE, Safari - Browsers continue to fall at the "Pwn2own" contest. What can we do to protect our users from these exploits? I'm starting to think there is no such thing as a "secure" web browser, likely due to usability and features driving development, not security.
Presentation: Dr. Tom Langstaff
Dr. Tom Longstaff is the Chief Scientist for the Cyber Missions Branch at Johns Hopkins University Applied Physics Lab. APL is a University Affiliated Research Center, a division of the Johns Hopkins University. Tom joined APL in 2007 to work with a wide variety of infocentric operations projects on behalf of the U.S. Government to include technology transition of cyber R&D, information assurance, intelligence, and global information networks.
His talk is titled: "Where the Wild Things Are: Analyzing Attack and Defense in Our Modern Global Cyberspace"