Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast - Episode 74

Welcome to the Tenable Network Security Podcast - Episode 74

Hosts: Paul Asadoorian, Product Evangelist, Carlos Perez, Lead Vulnerability Researcher and Ron Gula, Tenable CEO/CTO

Announcements

Stories

  • Penetration Testing Execution Standard - A group has been formed to define what a penetration test really is and means. Several standards and compliance documents reference a "penetration test", but yet no one has really taken the time to define it. Carlos and I are involved with this effort, myself on the vulnerability scanning portion and Carlos on the post-exploitation side.


  • Analyzing PDF exploits for finding payloads used - If you are defending a network, you should read up on analyzing malicious PDFs, as they are likely being sent to your users.

  • Mid-Atlantic Collegiate Cyber Defense Competition (CCDC) - This was a fantastic event, thanks to all who participated!

  • With hacking, music can take control of your car - I've always pondered the use of music files and images as a way to take over a system. It happens so naturally; people play music and view images all the time, so what if there were a malicious payload inside? It's a difficult thing to defend against. For example, how do you check a music file that will be played in your car for viruses? Anti-virus software for your car?

  • Router-rooting malware pwns Linux-based network devices - First off, this is a password attack. Second, malware for Linux-based routers is not new (i.e. "Chuck Norris worm"), but still remains a threat for which we have little defense against. Still, to this day, people do not often consider vulnerabilities on embedded systems to be a big enough problem to pay attention to. However, if an attacker can compromise the router or access point, they can manipulate all of the traffic flowing through it.

  • Making sport of browser security, hackers topple IE, Safari - Browsers continue to fall at the "Pwn2own" contest. What can we do to protect our users from these exploits? I'm starting to think there is no such thing as a "secure" web browser, likely due to usability and features driving development, not security.

Presentation: Dr. Tom Langstaff

Dr. Tom Longstaff is the Chief Scientist for the Cyber Missions Branch at Johns Hopkins University Applied Physics Lab. APL is a University Affiliated Research Center, a division of the Johns Hopkins University. Tom joined APL in 2007 to work with a wide variety of infocentric operations projects on behalf of the U.S. Government to include technology transition of cyber R&D, information assurance, intelligence, and global information networks.

His talk is titled: "Where the Wild Things Are: Analyzing Attack and Defense in Our Modern Global Cyberspace"

Download Tenable Podcast Episode 74