Welcome to the Tenable Network Security Podcast - Episode 90

Hosts:

• Paul Asadoorian, Product Evangelist
• Ron Gula, CEO/CTO
• Carlos Perez, Lead Vulnerability Researcher
• Jack Daniel, Product Manager

Announcements

Stories

• Could hackers set fire to your Apple battery with a virus? - Hiding in battery firmware is a really neat way to plant a backdoor.
• US-CERT Director Leaves Abruptly - Could it be that the latest string of attacks against government agencies was too much for the director of US-CERT?

Burying Stumps

Recently I've been planning and executing a plan to fix some of the landscaping around my house (as a side note, try not to plan this to happen in the middle of July when it’s 90 degrees). In talking with people who have experience with landscaping projects we seem to always hit the topic of digging up and burying stumps, and whether this is a good idea or a bad idea. For the short term, it seems like a good idea. The stumps take up space in the ground so you need less fill (which saves money), burying is cheaper than grinding them down or having them hauled away, and you don't have to look at an ugly stump. The downside is that 7-10 years down the road, the stumps begin to rot and you are left with sinkholes in your yard.

Preparing Your Backtrack 5 Installation

Nessus 4.4.1 now comes pre-installed on BackTrack 5 and requires that the user activate the installation. Before you activate Nessus on your BackTrack 5 installation, be certain you have installed Nessus either to the hard drive on the computer you plan to use or inside of a virtual machine that you plan to keep on the same host system. If you activate Nessus on a bootable USB thumb drive, DVD or a virtual machine and move it to a new host system, the Nessus activation code will no longer be valid. The Nessus activation ties itself to the physical system on which it is installed. If you do decide to move the virtual machine to a new system, or jump around to different systems using a bootable USB thumb drive or DVD, you will have to re-activate Nessus. If you are using a Nessus ProfessionalFeed, you are allowed to reset your activation by clearing the current connection between a host and an activation code. By logging into the Tenable Customer Support Portal and going to "Activation Codes", you can reset the activation code-to-host pairing. ProfessionalFeed users are currently limited to one reset every 30 days. HomeFeed users will need to re-register Nessus when moving between physical hosts.

Step 1 - Obtaining An Activation Code

Remote exploits come in many different shapes, forms and sizes. Listening services, web browsers and wireless technologies can all contain vulnerabilities that allow for "remote exploitation". The difficult part is defining just how "remote" an attacker needs to be. Obviously, the exposed network service could theoretically be exploited by anyone connected to the Internet. Web browser exploits require that a user visit a site (by choice or surreptitiously) that loads malicious code. Wireless technologies such as Bluetooth require that you be in range. Here's where it gets interesting! There are many situations where end users could be in range of attackers, including conferences, coffee shops, airports, or even right in your own facility. Having said that, it would be difficult for these attacks to target a specific organization unless you were physically on-site, which occurs less frequently than someone attacking you over the Internet. However, we should note that Bluetooth uses the 2.4 GHz spectrum for communications and can be extended using the same or similar gear as WiFi.

Welcome to the Tenable Network Security Podcast - Episode 89

Hosts:

• Paul Asadoorian, Product Evangelist
• Ron Gula, CEO/CTO
• Carlos Perez, Lead Vulnerability Researcher
• Jack Daniel, Product Manager

Announcements

• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest two videos are updates to older videos and cover basic vulnerability scanning and local patch checking using Nessus.
• We're hiring! - Visit the Tenable web site for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!

Stories

• Facebook blocks a second contact export tool - Information, in the right context, can be quite powerful and expose your privacy. Facebook recently blocked Google+ from exporting your list of Facebook friends' names (not email addresses). When you put this in the context of attacks, knowing the names of someone's friends on Facebook could be quite valuable for social engineering.

Welcome to the Tenable Network Security Podcast - Episode 88

Hosts: Paul Asadoorian, Product Evangelist

Announcements

• Two new blog posts have been published to the Tenable Blog:
• Making It Easier To Perform Credentialed Scanning & Auditing
• Advanced Vulnerability Scanning Using Nessus Course
• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest two videos are updates to older videos and cover basic vulnerability scanning and local patch checking using Nessus.
• We're hiring! - Visit the Tenable web site for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!

Interview: Jesse Kornblum

Jesse Kornblum is a Computer Forensics Research Guru with the Kyrus Technology

The Benefits of Credentialed Scanning and Auditing

We've covered the advantages of credentialed vulnerability scanning and configuration auditing in previous blog posts, but I want to recap some of the benefits:

• Getting Around Firewalls - Whether you are scanning through network or host firewalls, credentialed scans require less ports to be open between the scanner and the target(s) and require less network bandwidth and target resources.
• Finding Localized Vulnerabilities - Several vulnerabilities, including those being exploited by attackers and penetration testers alike, are not accessible over the network but present themselves in end-user software ranging from web browsers, PDF readers and office suites. By performing a credentialed scan, Nessus is able to find vulnerabilities that requires user interaction to trigger exploitation in local software.
• Verifying Settings & Configurations - Through either Nessus plugins or configuration auditing, you can answer questions about the state of your systems. For example, if you want to know who has either local or domain administrative rights to your systems, there are plugins that report the list of users. Want to know what type of USB devices are in use in your environment or which systems have modems connected? There are plugins that test for those conditions as well. With configuration auditing, you can check any registry entry on a Windows system for a specific value or check the values on entries in configuration files on Linux/UNIX systems.