Hosts: Paul Asadoorian, Product Evangelist, Ron Gula, CEO/CTO, Carlos Perez, Lead Vulnerability Researcher, Jack Daniel, Product Manager
- Several new blog posts have been published to the Tenable Blog:
- 4 out of 5 CISOs Don't Scan for Off-Port Web Servers
- Comparing the PCI, CIS and FDCC Certification Standards
- Firewall and Boundary Auditing Best Practices
- Risky Business #198 - Tenable CEO Interview on Cybercrime Insurance
- Microsoft Patch Tuesday Roundup - June 2011
- Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest two videos are updates to older videos and cover basic vulnerability scanning and local patch checking using Nessus.
- We're hiring! - Visit the Tenable web site for more information about open positions.
- You can subscribe to the Tenable Network Security Podcast on iTunes!
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!
- WordPress plugins Trojanised, spotted, fixed - I get nervous when the application I am using supports plugins and add-ons that are not written or even checked centrally. It compromises the security of the framework.
- Patching Flash - CVE-2011-2110 post-mortem - People patch Flash quicker than Java, however we can still get an improperly signed Java application to execute code. In fact, we can even purchase a certificate, rid ourselves of the warning, and still get code execution, and to throw in a bonus we can bypass anti-virus. You don't need a vulnerability to compromise a system.
- Most Common iPhone Passcodes - "1234", that's also the password to my luggage.
- Sony lawsuit: security experts fired prior to breach - I bet there are a few people sitting around saying, "I told you so".
- DNS cache poisoning: still works and still makes lots of damage - Why can't we as a community work to prevent this type of attack, or can we?
- Are All Networks Vulnerable? - Is yours? Johannes makes a good point, it's not about protecting 100% of the security incidents.
- Rootkit infection requires Windows reinstall, says Microsoft - Get this, it's a "boot sector" virus, remember those?
- Disgruntled IT guy slips porn into CEO's PowerPoint - A few lessons learned here: 1) Never give a presentation while your laptop has a network/Internet connection, 2) Don't anger your IT department, 3) Maintain the integrity of your laptop.
- Virtualization and cloud computing race ahead of security practices - I mean, really, what is all the fuss about virtualization security? Your systems can be virtual or real, security is still a problem. I just don't get all the fuss.