Tenable Blog

Tenable Network Security Podcast - Episode 92

Welcome to the Tenable Network Security Podcast - Episode 92

Hosts:

  • Paul Asadoorian, Product Evangelist
  • Ron Gula, CEO/CTO
  • Carlos Perez, Lead Vulnerability Researcher

Announcements

Stories

  • SILENT BUG IS SILENT. - A seemingly well-known bug in Internet Explorer that allows privilege escalation within IE itself has been silently fixed. The bug lets a process running at low integrity (the level at which IE's Protected Mode sandbox runs) launch a process at medium integrity, the level of the logged-in user's ordinary processes. On its own it is only a sandbox escape: an attacker first needs a separate remote code execution exploit in IE to get code running inside the low-integrity process, and then chains this flaw to break out of it.
  • Blow Your Own Horn - This article describes a series of talks in which the presenter was to offer situations in information security where they "won", an elevator speech if you will. One such example: "Last year you (the Board) approved purchase of a $50,000 license fee for AV software on the email server. This past month, records show it stopped 1 million viruses, which would otherwise have gotten through. Had they been run, they would have cost $500 each (estimated industry average) to clean up. Therefore, your prescient decision to spend $50,000 has returned $500,000,000 to the company." Is that a "win" or an example of socially engineering management?
  • Anonymous hacks BART, creating even more innocent victims - Anonymous hacks San Francisco's BART (Bay Area Rapid Transit) system. "They performed a SQL injection (SQLi) attack against the site and were able to extract more than 2,000 records containing names, usernames, passwords (plain text), emails, phone numbers, addresses and zip codes." That one sentence describes two failures on the site's side: user-supplied input reached a database query unparameterized, and the passwords were stored in plain text rather than hashed, so a single injection handed over credentials that are directly reusable anywhere those users repeat them. It raises the question, what are the motives of Anonymous? Do they wish to expose user data to hurt the users themselves, hurt the target organization to make an example, or are they funded by organizations for political or capital gain? I'm not sure what is to be gained by attacking this system, but it certainly raises the question.
  • XSS on eBay's site - The problem seems to crop up in eBay's sub-domains, which could mean that the main eBay site gets all of the attention, leaving the sub-domains open to XSS vulnerabilities that are easy to find and easy to fix.
  • Device finds child porn on WiFi - It's refreshing to see technology being used for good rather than evil. A recent example is the Fluke Networks AirCheck WiFi device, which the article says can detect child pornography on open and encrypted WiFi networks. Also: "This device can also be used against identity theft, Internet stalking and even online phishing scams." Nice. I wonder if it does in fact break the encryption on WiFi networks, and if so, whether permission, e.g. a warrant, is required.
  • Microsoft patches 1990s-era 'Ping of Death' - Microsoft released MS11-064, which fixes a denial-of-service flaw in the Windows TCP/IP stack that has been nicknamed after the infamous 1990s "Ping of Death". From the article: "...appeared that today's 'Ping of Death' bug was a different vulnerability than Microsoft patched in its now-ancient OSes of the 1990s. The bug exists in Windows Vista, Server 2008, Windows 7 and Server 2008 R2, Microsoft said, but not in Windows XP or Server 2003." Others were less concerned with the new Ping of Death problem: "It's definitely an old-school kind of attack," said Sarwate of Qualys. "But if it is exploited, I think it would be more on the prank side."
  • Defcon: VoIP makes a good platform for controlling Botnets - This is one of the most interesting botnet command and control channel implementations I've seen in some time. Using "MoshiMoshi", open-source software that converts DTMF tones to bits and bytes, the bots and their controller can exchange commands over ordinary phone calls. This is difficult to detect, as VoIP networks are typically separate from the data network and are rarely monitored for this type of communication. However, if you look closely at the session data, you may be able to pick up on anomalies such as unusually long sessions, in this case long phone calls, or phone calls with specific patterns, for example DTMF tones that keep arriving well after call setup, when a human caller would have finished dialing.
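The BART story above turns on two things: a query built by string concatenation and a password column stored in the clear. The following is an added example, not code from the podcast or from BART, showing both failures beside their fixes. The users table, its rows and the injection payload are constructed for the demo; the hashing scheme (salted PBKDF2-HMAC-SHA256) is a choice made here, not something the article describes.

```python
"""Added example (not from the podcast, and not BART's code): the difference
between a string-built query and a bound parameter when the input is an
injection payload, and why hashing passwords limits what a dump yields.
The users table, its rows and the payload are constructed for this demo."""
import hashlib
import hmac
import os
import sqlite3

# Constructed rows standing in for the kind of table the article describes.
SAMPLE_USERS = [
    ("alice", "hunter2", "alice@example.org", "415-555-0101"),
    ("bob", "letmein", "bob@example.org", "510-555-0102"),
    ("carol", "Passw0rd!", "carol@example.org", "650-555-0103"),
]

# Classic tautology payload: the quote closes the string literal, and the
# query's own trailing quote closes the second literal, leaving
#   WHERE username = 'x' OR '1'='1'
INJECTION = "x' OR '1'='1"


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256, stored as 'salthex$digesthex'."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), 100_000)
    return hmac.compare_digest(digest.hex(), digest_hex)


def build_db(plaintext_passwords):
    """In-memory SQLite table; passwords stored as-is or hashed."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT, password TEXT, email TEXT, phone TEXT)")
    for user, pw, email, phone in SAMPLE_USERS:
        stored = pw if plaintext_passwords else hash_password(pw)
        conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                     (user, stored, email, phone))
    return conn


def lookup_vulnerable(conn, username):
    """Concatenates the caller's text into the SQL: the input becomes code."""
    sql = ("SELECT username, password, email, phone FROM users "
           "WHERE username = '" + username + "'")
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, username):
    """Bound parameter: the driver passes the value, never parses it as SQL."""
    sql = "SELECT username, password, email, phone FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run the payload against both designs; returns what the attacker gets."""
    out = {}
    weak = build_db(plaintext_passwords=True)
    rows = lookup_vulnerable(weak, INJECTION)
    out["vulnerable_rows"] = len(rows)            # every row, not just one user
    out["plaintext_leaked"] = "hunter2" in {r[1] for r in rows}

    safe = build_db(plaintext_passwords=False)
    out["parameterised_rows"] = len(lookup_parameterised(safe, INJECTION))
    alice = lookup_parameterised(safe, "alice")[0]
    out["stored_is_hash"] = alice[1] != "hunter2"   # a dump yields hashes only
    out["login_still_works"] = verify_password("hunter2", alice[1])
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key + ":", value)
```

The payload returns the whole table from the concatenated query and nothing from the parameterised one, because the bound value is compared as a string rather than parsed as SQL. Hashing does not stop the injection, but it changes what a successful dump is worth: the attacker gets per-user salted hashes to crack instead of credentials to replay.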

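For the Defcon VoIP command-and-control story, here is an added example, not from the podcast and not MoshiMoshi's code, of a toy DTMF-to-bytes channel of the kind the talk describes, followed by the call-record heuristics the host suggests (long calls, and calls whose tone pattern no human keypad user produces). The one-nibble-per-tone encoding, the thresholds, the call records and the fan-in rule are all assumptions constructed for this demo; MoshiMoshi's actual framing is not known to this example.

```python
"""Added example (not from the podcast and not MoshiMoshi's code): a toy
DTMF-to-bytes channel plus call-record heuristics for spotting it. The
one-nibble-per-tone encoding, the thresholds and the call records are
assumptions constructed for this demo."""
from dataclasses import dataclass

# The 16 DTMF symbols map one-to-one onto the 16 hex values (assumed encoding,
# chosen for the demo; MoshiMoshi's real framing is not known to this example).
DTMF = "0123456789*#ABCD"


def bytes_to_dtmf(data):
    """Two tones per byte: high nibble first, then low nibble."""
    return "".join(DTMF[b >> 4] + DTMF[b & 0x0F] for b in data)


def dtmf_to_bytes(tones):
    """Inverse of bytes_to_dtmf; rejects unknown symbols and odd lengths."""
    if len(tones) % 2:
        raise ValueError("odd number of tones")
    return bytes(DTMF.index(tones[i]) << 4 | DTMF.index(tones[i + 1])
                 for i in range(0, len(tones), 2))


@dataclass
class CallRecord:
    caller: str
    callee: str
    duration_s: int
    dtmf_count: int   # tones observed after call setup (from CDR or media)


# Constructed records: three ordinary calls and three bot check-ins to one number.
SAMPLE_CALLS = [
    CallRecord("2025550100", "2025550199", 240, 4),      # dialled an extension
    CallRecord("2025550101", "2025550188", 600, 0),      # plain voice call
    CallRecord("2025550102", "2025550177", 45, 11),      # voicemail PIN + menu
    CallRecord("2025550110", "9005550123", 3900, 2600),  # hour-long, 40 tones/min
    CallRecord("2025550111", "9005550123", 120, 200),    # short burst, 100 tones/min
    CallRecord("2025550112", "9005550123", 300, 120),    # 24/min: under the rate bar
]


def flag_calls(calls, max_duration_s=1800, tones_per_min=30,
               payload_tones=16, fan_in=3):
    """Three heuristics over call records (thresholds are demo assumptions):
    1. a long call that still carries DTMF (humans stop dialling after setup);
    2. a sustained tone rate no human keypad user produces;
    3. one callee receiving DTMF-heavy calls from several distinct callers,
       the fan-in shape of a controller number.
    Returns the flagged calls with reasons and the suspect callee numbers."""
    flagged = []
    heavy_callers = {}
    for c in calls:
        rate = c.dtmf_count * 60 / max(c.duration_s, 1)   # tones per minute
        reasons = []
        if c.duration_s > max_duration_s and c.dtmf_count > 0:
            reasons.append("long call with DTMF after setup")
        if rate > tones_per_min:
            reasons.append("tone rate %.0f/min" % rate)
        if c.dtmf_count >= payload_tones:
            heavy_callers.setdefault(c.callee, set()).add(c.caller)
        if reasons:
            flagged.append((c.caller, c.callee, reasons))
    suspects = sorted(k for k, v in heavy_callers.items() if len(v) >= fan_in)
    return {"calls": flagged, "suspect_callees": suspects}


if __name__ == "__main__":
    cmd = bytes_to_dtmf(b"beacon")
    print("command as tones:", cmd, "->", dtmf_to_bytes(cmd))
    result = flag_calls(SAMPLE_CALLS)
    for caller, callee, why in result["calls"]:
        print(caller, "->", callee, ";", "; ".join(why))
    print("suspect callees:", result["suspect_callees"])
```

The third bot call in the sample stays under both the duration and rate thresholds, which is why the per-call rules alone are not enough: it is only caught by the fan-in rule, because the same callee is collecting DTMF-heavy calls from several different callers. Where the call-detail records do not carry DTMF counts, the same rules can be fed from RFC 4733 telephone-event packets in the RTP stream.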