110 posts categorized "Podcast"

 

Tenable Network Security Podcast Episode 112 - "Evil USB, Detect Unsupported Devices, & Managing Mobile Risk"

Welcome to the Tenable Network Security Podcast Episode 112

Hosts

  • Paul Asadoorian, Product Evangelist
  • Carlos Perez, Lead Vulnerability Researcher
  • Ron Gula, CEO/CTO

Announcements

New & Notable Plugins

Passive Vulnerability Scanner

Nessus

Stories

  1. Don’t Stick That in There – HID (Human Interface Device) - Evil USB keys persist in penetration testing and evil insider attack scenarios. Detection is interesting, and the most difficult to detect are the devices that are HID, which really do evil things.
  2. OSCommerce v3.0.2 - Persistent Cross Site Vulnerability - Every once in a while, an XSS comes along that you should pay attention to, and this is no exception. A persistent XSS in an e-commerce application is a bad thing!
  3. Android and Security - Official Google Mobile Blog - Google has some work to do with respect to security, and they know it. All of the mobile device application security researchers I've spoken with tip their hat to the iOS platform for its strides in security, and then go on to say how easy it is to exploit Android.
  4. FBI Conference Call Tapped By Antisec - I've seen this story also mention Anonymous, so therefore, we have to cover it to get in our Anonymous coverage. Apparently, a phone call was leaked, proving that phones can be tapped and attackers do not comply with FCC regulations.
  5. Sophos 2012 Security Threat Report - Can anyone guess what's the most common malware still infecting computers? If you guessed Conficker, you'd be right.
  6. Two Approaches to Managing Mobile Devices - Giving the user more control of their devices has benefits!
  7. Microsoft Internet Explorer 'Forced Tweet' Cross Domain - Interesting vulnerability that allows the attacker to potentially make Tweets posing as you.
  8. Apple revises Snow Leopard security update - Again, so soon?
  9. 'Psycho Siri': Scariest Siri parody yet? | Crave - CNET - Really funny parody about Siri gone Psycho. Now, the first part is total science fiction, and very funny. However, in the final scenes the iPhone with Siri takes control of the person's car. Science fiction or reality? See the next story...
  10. Remotely start your car using an Arduino - Freaky, huh?
  11. Job-seeking Marriott hacker gets 30 months' porridge - This is the wrong way to try to land a job.
  12. Satellite phone encryption cracked - Telegraph - Could this be how Anonymous hacked into FBI phones?
  13. PHP 5.3.10 fixes critical remote code execution vulnerability - PHP still suffers from remote exploits, just an FYI.
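Detection logic for the HID story above, as an added example that is not part of the podcast notes or of any Tenable product: it scans Linux kernel log lines for USB enumeration messages and flags a device that registers a keyboard interface while it is not on an approved list, or that registers as a keyboard and as mass storage at the same time (the "flash drive that types" shape). The log lines, vendor/product IDs and device names are constructed for illustration; the line shapes follow what the usb core, hid-generic and usb-storage drivers print.

```python
"""Flag suspicious USB HID keyboards from Linux kernel (dmesg) log lines.

Added example, not from the podcast or any Tenable product. The sample log
below is constructed: the line shapes mirror what the usb core, hid-generic
and usb-storage drivers print, but the vendor/product IDs and names are made up.
"""
import re
from collections import OrderedDict

# usb core: "usb 1-4: New USB device found, idVendor=1111, idProduct=2222, ..."
NEW_DEV = re.compile(
    r"usb (?P<addr>\d+-[\d.]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
# hid-generic prints the HID interface protocol (Keyboard/Mouse/Device) and
# the VID:PID in upper-case hex.
HID_IFACE = re.compile(
    r"hid-generic 0003:(?P<vid>[0-9A-F]{4}):(?P<pid>[0-9A-F]{4})\.\d+: .*"
    r"USB HID v[\d.]+ (?P<kind>Keyboard|Mouse|Device) \[(?P<name>[^\]]*)\]"
)
# usb-storage identifies the interface by bus address, e.g. "1-5:1.0".
STORAGE = re.compile(
    r"usb-storage (?P<addr>\d+-[\d.]+):[\d.]+: USB Mass Storage device detected"
)

# Constructed sample: an approved keyboard, a "flash disk" that also registers
# a keyboard interface, and a mouse that should not trigger anything.
SAMPLE_DMESG = """\
[   12.101] usb 1-4: New USB device found, idVendor=1111, idProduct=2222, bcdDevice= 1.00
[   12.102] usb 1-4: Product: Example Keyboard
[   12.110] hid-generic 0003:1111:2222.0001: input,hidraw0: USB HID v1.10 Keyboard [Example Keyboard] on usb-0000:00:14.0-4/input0
[ 3011.401] usb 1-5: New USB device found, idVendor=3333, idProduct=4444, bcdDevice= 1.00
[ 3011.402] usb 1-5: Product: Flash Disk
[ 3011.410] usb-storage 1-5:1.0: USB Mass Storage device detected
[ 3011.415] hid-generic 0003:3333:4444.0002: input,hidraw1: USB HID v1.11 Keyboard [Flash Disk] on usb-0000:00:14.0-5/input1
[ 3020.002] usb 1-6: New USB device found, idVendor=5555, idProduct=6666, bcdDevice= 1.00
[ 3020.010] hid-generic 0003:5555:6666.0003: input,hidraw2: USB HID v1.11 Mouse [Example Mouse] on usb-0000:00:14.0-6/input2
"""


def analyze_usb_log(lines, approved_keyboards):
    """Return [(vid:pid, reason)] for devices that deserve a closer look.

    Two rules: a Keyboard-class HID interface on a device that also exposes
    mass storage, and a Keyboard-class HID whose VID:PID is not approved.
    """
    addr_to_id = {}           # bus address -> "vid:pid"
    devices = OrderedDict()   # "vid:pid" -> {"kinds": set(), "storage": bool}

    def entry(devid):
        return devices.setdefault(devid, {"kinds": set(), "storage": False})

    for line in lines:
        m = NEW_DEV.search(line)
        if m:
            devid = f"{m['vid']}:{m['pid']}".lower()
            addr_to_id[m["addr"]] = devid
            entry(devid)
            continue
        m = HID_IFACE.search(line)
        if m:
            entry(f"{m['vid']}:{m['pid']}".lower())["kinds"].add(m["kind"])
            continue
        m = STORAGE.search(line)
        if m and m["addr"] in addr_to_id:
            entry(addr_to_id[m["addr"]])["storage"] = True

    alerts = []
    for devid, info in devices.items():
        if "Keyboard" not in info["kinds"]:
            continue   # mice and vendor-specific HIDs are out of scope for this check
        if info["storage"]:
            alerts.append((devid, "keyboard interface on a mass-storage device"))
        elif devid not in approved_keyboards:
            alerts.append((devid, "keyboard not on the approved list"))
    return alerts


if __name__ == "__main__":
    for devid, why in analyze_usb_log(SAMPLE_DMESG.splitlines(), {"1111:2222"}):
        print(f"ALERT {devid}: {why}")
```

The approved list is keyed on VID:PID only, which a purpose-built device can spoof, so the storage-plus-keyboard rule is the one that catches the interesting case; on a real host the same logic can be fed from `journalctl -k -f` instead of a string.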

 

Tenable Network Security Podcast Episode 111 - "Detecting pcAnywhere, browser vulnerabilities, & hacking cars"

Welcome to the Tenable Network Security Podcast Episode 111

Hosts

  • Paul Asadoorian, Product Evangelist
  • Carlos Perez, Lead Vulnerability Researcher
  • Ron Gula, CEO/CTO
  • Jack Daniel, Product Manager

Announcements

New & Notable Plugins

Passive Vulnerability Scanner

Nessus


 

Tenable Network Security Podcast 110

Welcome to the Tenable Network Security Podcast Episode 110

Hosts

  • Paul Asadoorian, Product Evangelist
  • Carlos Perez, Lead Vulnerability Researcher
  • Ron Gula, CEO/CTO
  • Jack Daniel, Product Manager

Announcements

New & Notable plugins


 

Tenable Network Security Episode 109

Welcome to the Tenable Network Security Podcast Episode 109

Hosts

  • Paul Asadoorian, Product Evangelist
  • Carlos Perez, Lead Vulnerability Researcher
  • Ron Gula, CEO/CTO

Announcements


 

Tenable Network Security Podcast Episode 108

Welcome to the Tenable Network Security Podcast Episode 108

Hosts

  • Paul Asadoorian, Product Evangelist
  • Jack Daniel, Product Manager
  • Carlos Perez, Lead Vulnerability Researcher
  • Ron Gula, CEO/CTO

Announcements

  • Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. We recently added a 38-minute tutorial of Nessus, covering most of the basic features.
  • We're hiring! - Visit the Tenable web site for more information about open positions.
  • You can subscribe to the Tenable Network Security Podcast on iTunes!
  • Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!
  • Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
  • Tenable has released Nessus plugin 57462 to detect that nasty FreeBSD TELNET bug we touched on last week.
  • Nessus plugin 57461 was recently added to scan for Apple iOS Lockdown services
  • PVS can now detect systems reaching out to .xxx domains, enhanced OS identification.


 

Tenable Network Security Podcast Episode 107

Welcome to the Tenable Network Security Podcast Episode 107

Hosts

  • Paul Asadoorian, Product Evangelist
  • Jack Daniel, Product Manager
  • Carlos Perez, Lead Vulnerability Researcher

Announcements

Stories


 

Tenable Network Security Podcast Episode 106

Welcome to the Tenable Network Security Podcast Episode 106

Hosts

  • Paul Asadoorian, Product Evangelist
  • Jack Daniel, Product Manager
  • Ron Gula, Tenable's CEO/CTO

Announcements

Stories



 

Tenable Network Security Podcast Episode 105

Welcome to the Tenable Network Security Podcast Episode 105

Hosts

  • Paul Asadoorian, Product Evangelist
  • Carlos Perez, Lead Vulnerability Researcher
  • Jack Daniel, Product Manager
  • Ron Gula, Tenable's CEO/CTO

Announcements

Patch Management Integration

Paul, Jack, Ron, and Carlos talk about Tenable's new integration with patch management platforms such as Microsoft's WSUS, SCCM, Vmware Go, and Red Hat Satellite server.

Download Tenable Podcast Episode 105

 

Tenable Network Security Podcast Episode 104

Welcome to the Tenable Network Security Podcast Episode 104

Hosts

  • Paul Asadoorian, Product Evangelist
  • Carlos Perez, Lead Vulnerability Researcher
  • Jack Daniel, Product Manager
  • Ron Gula, Tenable's CEO/CTO and media expert!

Announcements

Stories


 

Tenable Network Security Podcast Episode 103

Welcome to the Tenable Network Security Podcast Episode 103

Hosts

  • Paul Asadoorian, Product Evangelist
  • Carlos Perez, Lead Vulnerability Researcher
  • Jack Daniel, Product Manager

Announcements


 

Tenable Network Security Podcast Episode 102

Welcome to the Tenable Network Security Podcast Episode 102

Hosts

  • Paul Asadoorian, Product Evangelist
  • Carlos Perez, Lead Vulnerability Researcher
  • Jack Daniel, Product Manager

Announcements

Stories

  • Wi-Fi security do's and don'ts - I agree with most of the recommendations here. WEP is bad, WPA-PSK is not a good solution for businesses, and MAC address filtering is useless. However, WIPS is a bit overstated, and certainly Snort doesn't help you much. The fact is, if you run an open wireless network, it allows for several attacks at layer 2. I do recommend practical network security with respect to WiFi, and designing the network to be robust and manageable will certainly help. However, many think that implementing 802.11i and VPNs is all you need to do. I disagree; treat your WiFi network as hostile, assume clients are compromised and MiTM attacks are occurring, then secure it as such.
  • CIA monitors up to 5 million tweets daily, report says - "A CIA team known internally as the "vengeful librarians" that numbers in the hundreds gathers information in multiple languages to build a real-time picture of the mood in various regions of the world." - I love the title. The technology used to monitor 5 million Tweets is interesting. I wish Twitter would monitor and do something about the evil things and spam that happens on Twitter.
  • BOP Worried, Electronic Jail Cell Doors Vulnerable To Remote Hack - It's good to see this issue get attention. The details are light, but there was a Defcon presentation by the researchers and I've interviewed them on a podcast. The technology used by prisons to secure the doors appears to be susceptible to attacks.
  • 'Nitro' hackers use stock malware to steal chemical, defense secrets - Computerworld - Attackers reportedly used Poison Ivy to compromise systems and steal intellectual property. I am familiar with this malware, and curious as to how it was able to evade even the most rudimentary defenses. Sure, you could configure it to be stealthy, but Poison Ivy tends to be somewhat loud on the systems and the network. We need to have a much better way to detect malware, especially on higher value targets.
  • SecTools.Org Top Network Security Tools - Nessus takes the #3 spot, with Wireshark taking #1. This list was created and voted on by Nmap users.
  • Homemade Hardware Keylogger/PHUKD Hybrid - Really neat post on how to create your own hardware key logger.
  • Show Me Your DNS Logs, I’ll Learn about You! « /dev/random - Fun write-up of the analysis of the DNS logs from the 3rd annual BruCon conference. It was interesting to see that some people do not trust the DNS server provided by the ISP or conference service. You can also determine operating system type based on DNS requests to NTP servers, showing that many attendees were running Ubuntu Linux distributions. Requests to the WPAD domain leaked information about companies that owned the devices, Wordpress was the blog platform of choice, and Gmail remains king for email. There were many requests that were clearly typos, showing that "typo-squatting" could prove useful for attackers.
  • Adidas Websites Hit With ‘Sophisticated’ Hack - A so-called "sophisticated" attack that didn't gain access to customer information. What did they gain access to, company secrets?
  • Microsoft releases Security Advisory 2639658 - The kernel bug that "Duqu" used has been fixed.
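The DNS-log analysis described in the BruCon story above, as an added example that is not part of the podcast notes or of the linked write-up: it classifies clients by the vendor NTP hostnames they resolve, lists the WPAD lookups that leak a foreign DNS search suffix, and picks out query names one edit away from a popular domain (the typo-squatting angle). The log format is a constructed one-query-per-line shape ("timestamp client qname qtype"), and the client addresses, domains and query names are made up; the NTP hostnames are the real vendor defaults.

```python
"""Mine a DNS query log the way the BruCon write-up describes.

Added example, not from the podcast or the linked post. The log format is a
constructed one-line-per-query shape ("timestamp client qname qtype") and the
client addresses, names and domains are made up for illustration.
"""

# Vendor NTP hostnames are a cheap OS fingerprint: the client asked for them
# because its stock time daemon is configured with them. (suffix, os) pairs.
NTP_FINGERPRINTS = [
    ("ntp.ubuntu.com", "Ubuntu"),
    ("ubuntu.pool.ntp.org", "Ubuntu"),
    ("debian.pool.ntp.org", "Debian"),
    ("fedora.pool.ntp.org", "Fedora"),
    ("time.windows.com", "Windows"),
    ("time.apple.com", "Mac OS X"),
]

# Domains worth watching for typos; extend with whatever your users actually visit.
POPULAR = ["google.com", "facebook.com", "twitter.com", "gmail.com"]

# Constructed sample log: four clients on a conference network.
SAMPLE_DNS_LOG = """\
2011-09-20T09:01:02 10.20.0.11 ntp.ubuntu.com A
2011-09-20T09:01:03 10.20.0.11 wpad.corp.example.net A
2011-09-20T09:01:05 10.20.0.12 time.windows.com A
2011-09-20T09:01:06 10.20.0.12 wpad.conference.example.org A
2011-09-20T09:01:09 10.20.0.13 time.apple.com A
2011-09-20T09:01:10 10.20.0.13 gogle.com A
2011-09-20T09:01:11 10.20.0.14 0.debian.pool.ntp.org A
2011-09-20T09:01:12 10.20.0.14 wpad.corp.example.net A
2011-09-20T09:01:13 10.20.0.11 faceboook.com A
2011-09-20T09:01:14 10.20.0.12 www.google.com A
"""


def parse(log):
    """Yield (client, qname); qnames normalised to lower case without a trailing dot."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        _ts, client, qname, _qtype = parts[:4]
        yield client, qname.lower().rstrip(".")


def os_by_client(records):
    """Map each client to the OS its NTP lookups suggest (first hit wins)."""
    seen = {}
    for client, qname in records:
        for suffix, os_name in NTP_FINGERPRINTS:
            if qname == suffix or qname.endswith("." + suffix):
                seen.setdefault(client, os_name)
    return seen


def wpad_leaks(records, local_suffix):
    """Clients asking for wpad.<domain> with a domain other than the local one are
    revealing the DNS search suffix they brought from home or the office."""
    leaks = {}
    for client, qname in records:
        if qname.startswith("wpad.") and qname[5:] != local_suffix:
            leaks.setdefault(qname[5:], set()).add(client)
    return {domain: sorted(clients) for domain, clients in leaks.items()}


def within_one_edit(a, b):
    """True if a becomes b with exactly one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1          # deletion from a
        elif len(a) < len(b):
            j += 1          # insertion into a
        else:
            i += 1          # substitution
            j += 1
    edits += (len(a) - i) + (len(b) - j)   # unmatched tail
    return edits == 1


def typo_candidates(records, popular=POPULAR):
    """Registrable names one edit away from a popular domain: squatting targets."""
    hits = []
    for client, qname in records:
        labels = qname.split(".")
        if len(labels) < 2:
            continue
        registrable = ".".join(labels[-2:])   # crude: ignores multi-label public suffixes
        for target in popular:
            if within_one_edit(registrable, target):
                hits.append((client, qname, target))
    return hits


if __name__ == "__main__":
    print(os_by_client(parse(SAMPLE_DNS_LOG)))
    print(wpad_leaks(parse(SAMPLE_DNS_LOG), "conference.example.org"))
    print(typo_candidates(parse(SAMPLE_DNS_LOG)))
```

The registrable-domain split is deliberately simple (last two labels), so names under suffixes such as co.uk need a public-suffix list before the typo check is meaningful; the OS fingerprint is also only as good as the stock NTP configuration, so a client running a customised time daemon will not show up.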

Download Tenable Podcast Episode 102

 

Tenable Network Security Podcast Episode 101

Welcome to the Tenable Network Security Podcast Episode 101

Hosts

  • Paul Asadoorian, Product Evangelist
  • Carlos Perez, Lead Vulnerability Researcher
  • Jack Daniel, Product Manager

Announcements

Stories

  • Chasing APT: Persistence Pays Off - One of my greatest concerns that this article reminded me of is the risk to small business. And by small I mean the number of employees, not how much money they manage. You could likely construct a lucrative business attacking small firms that manage a LOT of money, but are small and have no dedicated IT team, let alone a dedicated security person.
  • Exposing the Market for Stolen Credit Cards Data - Maybe it's just me but given that this article states "Liberty Reserve is the payment option of choice for the majority of the portals" can't you just follow the money and/or go after the organizations that are allowing the transactions? I'm sure it's far more complicated than that, but just a thought. I'm sure that when targeting drug cartels and organized crime similar avenues are explored.
  • EFF on HTTPS - Great quote from this article: "In short: there are a lot of ways to break HTTPS/TLS/SSL today, even when websites do everything right." So true! There has to be a better way to get this SSL thing fixed. One suggestion from folks at the EFF was to have users rank SSL certificate authorities to build public trust into SSL.
  • US observation satellites hacked - I love this: "The article states that the nature of the attack appears to point to the Chinese military, though it stops short of making a direct accusation." Everyone is always quick to blame the Chinese, likely because people are saying "Well, if anyone would want to hack into a satellite it would be them". I'm saying who wouldn't want to hack into a satellite, that's so cool!
  • Cisco WebEx Player Buffer Overflows Let Remote Users Execute Arbitrary Code - Webex is popular software, and if you were to hold a webinar and tell people they get something for free, you could probably compromise a lot of systems with this vulnerability.
  • 6 Deadly Enterprise Security Mistakes - I have to say, usually when I see articles like this, I take the opportunity to rip them to shreds. I will not do that with this article because I agree with it 110%. Nicely done.
  • Hackers could have TAKEN OVER Amazon Web Services - Imagine if you could take over the cloud, would that make you God for a day?
  • The 8 Craziest YouTube Account Hacks - This is just fun and covers "Bieber Fever" and "Hannah Montana faking her death". Just doesn't get any better than this!
  • Why You Still Can’t Teach a Machine to Hack - I wanted to again explore the debate over automation versus manual testing.
  • US Government Regulations on Piracy

Download Tenable Podcast Episode 101

 

Tenable Network Security Podcast - Episode 100

Welcome to the Tenable Network Security Podcast Episode 100

Hosts

Announcements

Stories

In honor of the 100th Tenable podcast, and the nine year anniversary of Tenable Network Security, we've decided to produce a special podcast episode. In this episode we sit down with the founders of Tenable Network Security and ask them ten questions:

  1. How did the three of you meet?
  2. What spawned the idea to create Tenable Network Security?
  3. What are the qualities of Nessus, and its author, that were the driving factors to create the company around it?
  4. What was the first new product created as a company?
  5. What are some of your most favorite milestones in the company's history?
  6. What gets you most excited when you go to work everyday?
  7. What are some of the greatest challenges that organizations face in security and how do our products help them?
  8. What is the strangest feature request you've ever received?
  9. The creation of LCE, the Tenable Log Correlation Engine, is a distinct separation from vulnerability management. What prompted this move and how does this product set itself apart from other products in the line?
  10. What's coming next for the company and Tenable's products? Spoiler Alert: Renaud gives us a sneak peek into the next version of Nessus!

Download Tenable Podcast Episode 100

 

Tenable Network Security Podcast - Episode 99

Welcome to the Tenable Network Security Podcast - Episode 99

Hosts

  • Paul Asadoorian, Product Evangelist
  • Carlos Perez, Lead Vulnerability Researcher
  • Jack Daniel, Product Manager

Announcements

Stories

  1. iPhone 5 Emails Infect Windows PCs with Malware - Attackers have proven to be very opportunistic when it comes to email scams and malware. Take the iPhone 5 for example, emails sent to thousands of people in an effort to get them to read up on the iPhone 5, which from the screenshot appears to be completely transparent. A neat defiance of physics, the real kicker being that Apple announced the 4S, not iPhone 5 yesterday.
  2. The 20 Controls That Aren’t - Ben Tomhave calls out the SANS CAG as 1) Not being actionable 2) Not able to scale and 3) Being designed to sell a product. While I agree in principle, it's all about how you use the tools and guidelines. For example, if I want to know the areas that I should be covering in my information security program and some tips on how to do that, I might turn to the SANS CAG. Then I would go to the CIS benchmarks for recommendations about how to configure my systems' security. At the end of the day, I am going to have to buy some products to help me get the job done, and I believe the various standards do not recommend a vendor, but areas in which you should focus to help secure your organization. Having said that, don't ignore vendors that provide products or services outside published guidelines, sometimes they can help you the most (of course, sometimes they are just the opposite).
  3. Some Hotel Safes Not So… Safe - We may have covered this one before, but just a reminder, the hotel safes are not safe and there are videos all over the web showing the default password. This one has reached true full-on public status. So you can either carry all of your stuff with you, or is there such a thing as a travel safe? Or, do you try to hack the safe first before putting your valuables in it?
  4. Cisco Patches Slew of IOS Bugs - I love this: "A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device. Smart Install uses TCP port 4786 for communication. An established TCP connection with a completed TCP three-way handshake is needed to be able to trigger this vulnerability" Yeah, because a full TCP three-way handshake is a defense, that'll stop 'em! I love remote code execution on a switch, yes make my port a mirror port. No one is in a big hurry to apply an update to a switch either.
  5. Post Exploitation Shellbaging Security Aegis - I thought Carlos would enjoy this one, it's a post-exploitation script that performs an interesting type of file system forensics: "Since the ShellBag keys store various metadata on how Windows Explorer items were arranged and since they are recorded for each user, from a computer forensics standpoint, one can parse the data and pull out various pieces of information that relate to user interaction. When combined with other available computer artifacts, it could provide a more complete picture of what files were accessed or deleted by the user and from what storage device they were accessing at the time (could be either an internal, external or network storage device)."
  6. File Disclosure Browser - DigiNinja - Ever see those weird .DS_Store files on various shares, web servers, and even on your own file systems and USB drives? Turns out those come from OS X and can contain information about your files, and even the location of some hidden files. Robin Wood's script extracts this information from .DS_Store files posted on web sites.
  7. NOTE: This page has been known to trigger A/V alerts, visit at your own risk! - http://securityxploded.com/passwordsecrets.php - Password Secrets of Popular Windows Applications - What a great list of applications and where they store their passwords, and how!
  8. Collected 1st & 2nd Level Domains - Some neat research from Max, who has collected 1st and 2nd level domain information, enumerating the domain names across large sections of the Internet.
  9. Fail a Security Audit Already -- It's Good for You - If that's the case, everyone is really healthy! However, failing is a part of learning. Most do not pass their first security audit, if you do, then why did you pay for one in the first place? Your security audit should be telling you things you can do better, because chances are what you are doing has a few gaps or is just simply not enough. Audits, assessments, and penetration tests should tell you something you didn't already know.
  10. More Than One-Fourth of Google Chrome Extensions Contain Vulnerabilities - This is one of the things that keeps me up at night. We rely on all of these frameworks, and each of the frameworks allows people to write code and install it on your system(s). Sometimes that code does evil things.
  11. Sometimes the Security Helpdesk Gets The Last Laugh - Word to the wise: Format and re-install your OS after you've contracted Malware.
  12. Air Traffic Control Data Found on eBayed Network Gear
  13. Bank of America Website Disrupted for Fourth Day in a Row
  14. Check Your Machines for Malware, Linux Developers Told - I wonder if they are also formatting and re-installing? Oh wait, it's Linux, it doesn't get viruses.
  15. Law Enforcement Increasingly Asking Internet Companies to Share Data - Yes, 4th Amendment in full swing, we need a warrant, we can't get one, so can you collect the evidence for us?
  16. Amazon Kindle Tablet Routes Web Traffic to Cloud First

Download Tenable Podcast Episode 99

 

Tenable Network Security Podcast Episode 98

Welcome to the Tenable Network Security Podcast - Episode 98

Hosts

  • Paul Asadoorian, Product Evangelist
  • Carlos Perez, Lead Vulnerability Researcher
  • Jack Daniel, Product Manager

Announcements

Stories

  1. Don’t Hit the Snooze Button on DigiNotar Alarm Bells - In 1995, we suggested the usage of network firewalls and SSL to protect web applications, and today we suggest that network firewalls and SSL protect cloud computing. There is a balance between evolving countermeasures and not hitting the snooze button on defensive technologies.
  2. So-so SASO … So What? - Bringing more balance to security, there is room for automated testing and static code analysis, but should you let a 3rd party analyze your code? Most would say "Yes", unless you are Oracle...
  3. Sound Database Security Starts With Segmentation - Segmentation needs to have context around it, and be based on the classification and location of your data.
  4. SIEM: Dead as Claimed? - Computerworld - It's fun to see which technology will be declared dead, first it was IDS, now SIEM. Is it really dead?
  5. 3 Indicted in Sophisticated Hacking Scheme - Attackers drove around the city of Seattle and broke into companies' physical buildings and/or wireless networks, installed malware on their systems, and attempted to make a profit.
  6. SecurityTracker: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks - I've recommended that DIGEST authentication be used over BASIC authentication in Apache. If you implemented my suggestions, make sure you take notice of this patch!
  7. New OS X Trojan Horse sends Screenshots, Files to Remote Servers - I thought Macs didn't get viruses? Turns out they do...
  8. Facebook Unfriending 'Bug' Gets Quick Fix - For Facebook users, this is a big deal, as you don't want your "Friends" to know that you are breaking up with them.
  9. Man Builds Social Network Using Atlantic Ocean - I'd love to see the attacks against this social network, how would a cross-site scripting vulnerability play out?

Download Tenable Podcast Episode 98

 

Tenable Network Security Podcast - Episode 97

Welcome to the Tenable Network Security Podcast - Episode 97

Hosts

  • Paul Asadoorian, Product Evangelist
  • Carlos Perez, Lead Vulnerability Researcher
  • Jack Daniel, Product Manager

Announcements


 

Tenable Network Security Podcast - Episode 96

Welcome to the Tenable Network Security Podcast - Episode 96

Hosts

  • Paul Asadoorian, Product Evangelist
  • Carlos Perez, Lead Vulnerability Researcher
  • Ron Gula, CEO/CTO

Announcements

Stories

  • 15 Years of Software Security: Looking Back and Looking Forward - First a look back: Remember "Smashing the Stack for Fun and Profit"? Buffer overflows were all the rage and resulted in what the author calls "undesired functionality" in applications. Vendors tended to ignore the vulnerability disclosure process, and many more vulnerabilities and associated exploits floated around the Internet until vendors decided to patch them (or not). The security community as a whole grew up, many companies were created to sell products, and many got bought and folded into larger companies. Before we look into the future, what has really changed? Web applications have provided us with a newer form of the buffer overflow, as the vulnerabilities lead to "undesired functionality", and are as plentiful, if not more, than traditional buffer overflows were. The difference is that they are now spread across thousands of applications and many require end-user interaction. The author then looks into the future, which is dangerous depending on how you look at it. Since it hasn't occurred yet, you can make predictions and it doesn't matter if you were correct or not... it was just a prediction.


 

Tenable Network Security Podcast - Episode 95

Welcome to the Tenable Network Security Podcast - Episode 95

Hosts

  • Paul Asadoorian, Product Evangelist
  • Jack Daniel, Product Manager
  • Carlos Perez, Lead Vulnerability Researcher
  • Ron Gula, CEO/CTO

Announcements

Stories


 

Tenable Network Security Podcast - Episode 94

Welcome to the Tenable Network Security Podcast - Episode 94

Hosts:

  • Paul Asadoorian, Product Evangelist
  • Jack Daniel, Product Manager
  • Carlos Perez, Lead Vulnerability Researcher

Announcements


 

Tenable Network Security Podcast - Episode 93

Welcome to the Tenable Network Security Podcast - Episode 93

Hosts:

  • Paul Asadoorian, Product Evangelist
  • Ron Gula, CEO/CTO
  • Jack Daniel, Product Manager
  • Carlos Perez, Lead Vulnerability Researcher

Announcements



 

Tenable Network Security Podcast - Episode 92

Welcome to the Tenable Network Security Podcast - Episode 92

Hosts:

  • Paul Asadoorian, Product Evangelist
  • Ron Gula, CEO/CTO
  • Carlos Perez, Lead Vulnerability Researcher

Announcements


 

Tenable Network Security Podcast - Episode 90

Welcome to the Tenable Network Security Podcast - Episode 90

Hosts:

  • Paul Asadoorian, Product Evangelist
  • Ron Gula, CEO/CTO
  • Carlos Perez, Lead Vulnerability Researcher
  • Jack Daniel, Product Manager

Announcements

  • Several new blog posts have been published this week, including:

  • LCE WMI Monitor Agent 3.6.0 Now Available
  • Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest two videos are updates to older videos and cover basic vulnerability scanning and local patch auditing using Nessus.
  • We're hiring! - Visit the Tenable web site for more information about open positions.
  • You can subscribe to the Tenable Network Security Podcast on iTunes!
  • Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!
Stories


     

    Tenable Network Security Podcast - Episode 89

    Welcome to the Tenable Network Security Podcast - Episode 89

    Hosts:

    • Paul Asadoorian, Product Evangelist
    • Ron Gula, CEO/CTO
    • Carlos Perez, Lead Vulnerability Researcher
    • Jack Daniel, Product Manager

    Announcements

    Stories

    • Facebook blocks a second contact export tool - Information, in the right context, can be quite powerful and expose your privacy. Facebook recently blocked Google+ from exporting your list of Facebook friends' names (not email addresses). When you put this in the context of attacks, knowing the names of someone's friends on Facebook could be quite valuable for social engineering.


     

    Tenable Network Security Podcast - Episode 88

    Welcome to the Tenable Network Security Podcast - Episode 88

    Hosts: Paul Asadoorian, Product Evangelist

    Announcements

    Interview: Jesse Kornblum

    Jesse Kornblum is a Computer Forensics Research Guru with the Kyrus Technology


     

    Tenable Network Security Podcast - Episode 86

    Welcome to the Tenable Network Security Podcast - Episode 86

    Hosts: Paul Asadoorian, Product Evangelist, Ron Gula, CEO/CTO, Carlos Perez, Lead Vulnerability Researcher

    Announcements

  • Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest two videos are updates to older videos and cover basic vulnerability scanning and local patch checking using Nessus.

  • We're hiring! - Visit the Tenable web site for more information about open positions.

  • You can subscribe to the Tenable Network Security Podcast on iTunes!

  • Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!

  • Jack Daniel joins Tenable as Product Manager.

  • Nessus for Android has been updated, including support for the Motorola Zoom.
    Stories

    • Dan Kaminsky On The RSA SecurID Compromise - "I recommend replacing devices in an orderly fashion, possibly while increasing the rotation rate of PINs. I dismiss concerns about source compromise on the grounds that both hardware and software are readily reversed, and anyway we didn’t change operational behavior when Windows or IOS source leaked." It's true, when entire operating systems' source code has leaked, no one really panicked or changed the way they do business. Yes, you should be replacing all your tokens and, of course, have some other forms of security and authentication other than SecurID.


     

    Tenable Network Security Podcast - Episode 85

    Download Tenablepodcast-episode85.mp3

    Welcome to the Tenable Network Security Podcast - Episode 85

    Hosts: Paul Asadoorian, Product Evangelist, Ron Gula, CEO/CTO, Carlos Perez, Lead Vulnerability Researcher

    Announcements

  • Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest two videos are updates to older videos and cover basic vulnerability scanning and local patch checking using Nessus.

  • We're hiring! - Visit the Tenable web site for more information about open positions.

  • You can subscribe to the Tenable Network Security Podcast on iTunes!

  • Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!

    Stories

    • RSA finally comes clean: SecurID is compromised - It turns out to be true: attackers possess the seed values for the tokens and the encryption algorithm is already public. RSA says they withheld the information because they did not want to tell attackers how to implement attacks, but it turns out evil bad guys figured it out and used it to attack Lockheed Martin. RSA is now offering to replace all 40 million+ SecurID tokens worldwide. Ouch. This is a breach that cost RSA dearly, in terms of money and reputation.
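Why a leaked seed plus a public algorithm is a full compromise, and why the only remedy is the token replacement the story describes, as an added example that is not part of the podcast notes or of anything RSA published. SecurID's own algorithm is not reproduced here; RFC 4226 HOTP (HMAC-SHA1 over a counter) stands in for it, and the serial number, seed database and look-ahead window are constructed for illustration. The seed is the RFC 4226 test-vector seed, so the first codes can be checked against the RFC.

```python
"""Why a leaked token seed is a full compromise: a clone computes the same codes.

Added example, not from the podcast or from RSA. SecurID's own algorithm is not
reproduced here; RFC 4226 HOTP (HMAC-SHA1 over a counter) stands in for it, and
the serial number, seed database and look-ahead window are constructed.
"""
import hashlib
import hmac
import struct


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


class Token:
    """What the hardware does: press the button, get the next code."""

    def __init__(self, seed: bytes, counter: int = 0):
        self.seed, self.counter = seed, counter

    def press(self) -> str:
        code = hotp(self.seed, self.counter)
        self.counter += 1
        return code


class AuthServer:
    """Holds the seed per serial (this is what the breach exposed) plus the expected
    counter; accepts a code within a look-ahead window and never accepts a counter
    that has already been used (replay protection)."""

    def __init__(self, seeds: dict, window: int = 10):
        self.seeds = dict(seeds)
        self.counters = {serial: 0 for serial in seeds}
        self.window = window

    def verify(self, serial: str, code: str) -> bool:
        seed, start = self.seeds[serial], self.counters[serial]
        for n in range(start, start + self.window):
            if hmac.compare_digest(hotp(seed, n), code):
                self.counters[serial] = n + 1   # everything up to n is now burned
                return True
        return False

    def replace_token(self, serial: str, new_seed: bytes) -> None:
        """The only real fix once seeds have leaked: issue a token with a new seed."""
        self.seeds[serial] = new_seed
        self.counters[serial] = 0


# Constructed serial number; the seed is the RFC 4226 test-vector secret.
SEED_DB = {"000123456789": b"12345678901234567890"}


def demo() -> dict:
    """Victim token, attacker clone built from the leaked seed, then token replacement."""
    serial = "000123456789"
    server = AuthServer(SEED_DB)
    victim = Token(SEED_DB[serial])
    clone = Token(SEED_DB[serial])   # attacker: leaked seed + public algorithm
    out = {}
    out["victim_accepted"] = server.verify(serial, victim.press())               # counter 0
    out["clone_replay_rejected"] = not server.verify(serial, clone.press())      # counter 0 again: burned
    out["clone_fresh_accepted"] = server.verify(serial, clone.press())           # counter 1: in the window
    server.replace_token(serial, b"fresh seed issued with the replacement token")
    out["clone_after_replacement_rejected"] = not server.verify(serial, clone.press())
    out["replacement_token_accepted"] = server.verify(serial, Token(server.seeds[serial]).press())
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The clone's first press is rejected only because the victim already consumed that counter; once the clone is one step ahead the server cannot tell the two apart, which is why PIN rotation limits the damage but does not remove it, and why a new seed is the fix.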


     

    Tenable Network Security Podcast - Episode 84

    Welcome to the Tenable Network Security Podcast - Episode 84

    Hosts: Paul Asadoorian, Product Evangelist, Ron Gula, CEO/CTO, Carlos Perez, Lead Vulnerability Researcher

    Announcements

    Discussion


     

    Tenable Network Security Podcast - Episode 83

    Welcome to the Tenable Network Security Podcast - Episode 83

    Hosts: Paul Asadoorian, Product Evangelist, Ron Gula, CEO/CTO, Carlos Perez, Lead Vulnerability Researcher

    Announcements

    • A new blog post has been published:
    • Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest two videos are updates to older videos and cover basic vulnerability scanning and local patch checking using Nessus.
    • We're hiring! - Visit the Tenable web site for more information about open positions.
    • You can subscribe to the Tenable Network Security Podcast on iTunes!
    • Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!
    • A new Nessus plugin is being released into the feed that will identify the device type of your targets. For example, if Nessus finds that a device is running Cisco IOS, it will flag it as device type: router. This is useful when reporting, trending, and "dashboarding" with SecurityCenter.
    • A new promotion is being run: All new Nessus Professional Feed users will receive a free demo of the Nessus Perimeter Service.
    • Upcoming Product Releases: SecurityCenter 4.2 and LCE 3.6.1. One of the major new features of SecurityCenter 4.2 is the ability to share dashboards. You can visit our dashboards page for a sneak preview.

    Stories


    Tenable Network Security Podcast - Episode 82

    Welcome to the Tenable Network Security Podcast - Episode 82

    Hosts: Paul Asadoorian, Product Evangelist

    Announcements

    Interview: KC Berg, Level3 Communications


    KC works for Level3, the world's largest Internet service provider. He uses Nessus, and in a big way. They scan hundreds of thousands of IP addresses every day, customize NASL, and make extensive use of the API. KC is also a big fan of credentialed auditing and tells us how he uses that to help maintain security on some of the busiest networks in the world.

    Episode 82 Direct Download


    Tenable Network Security Podcast - Episode 81

    Welcome to the Tenable Network Security Podcast - Episode 81

    Hosts: Paul Asadoorian, Product Evangelist, Ron Gula, CEO/CTO

    Announcements

    Stories


    Tenable Network Security Podcast - Episode 80

    Welcome to the Tenable Network Security Podcast - Episode 80

    Hosts: Paul Asadoorian, Product Evangelist, Carlos Perez, Lead Vulnerability Researcher, Ron Gula, CEO/CTO

    Announcements

    Stories


    Tenable Network Security Podcast - Episode 79

    Welcome to the Tenable Network Security Podcast - Episode 79

    Announcements


    Tenable Network Security Podcast - Episode 78

    Welcome to the Tenable Network Security Podcast - Episode 78

    Hosts: Paul Asadoorian, Product Evangelist, Carlos Perez, Lead Vulnerability Researcher

    Announcements

    Stories


    Tenable Network Security Podcast - Episode 77

    Welcome to the Tenable Network Security Podcast - Episode 77

    Hosts: Paul Asadoorian, Product Evangelist, Carlos Perez, Lead Vulnerability Researcher, and Ron Gula, Tenable CEO/CTO

    Announcements

    Stories


    Tenable Network Security Podcast - Episode 76

    Welcome to the Tenable Network Security Podcast - Episode 76

    Hosts: Paul Asadoorian, Product Evangelist, Marcus Ranum, Tenable's CSO and Dave Poynter, Tenable Training Team

    Announcements

    Marcus Ranum Interview

    Marcus comes on the show to discuss risk management pitfalls, "APT" and more!


    Tenable Network Security Podcast - Episode 75

    Welcome to the Tenable Network Security Podcast - Episode 75

    Hosts: Paul Asadoorian, Product Evangelist & Dennis Brown, Research Engineer and "Malware Aficionado"

    Announcements

    Stories


    Tenable Network Security Podcast - Episode 74

    Welcome to the Tenable Network Security Podcast - Episode 74

    Hosts: Paul Asadoorian, Product Evangelist, Carlos Perez, Lead Vulnerability Researcher and Ron Gula, Tenable CEO/CTO

    Announcements

    Stories

    • Penetration Testing Execution Standard - A group has been formed to define what a penetration test really is and means. Several standards and compliance documents reference a "penetration test", yet no one has really taken the time to define it. Carlos and I are involved with this effort, myself on the vulnerability scanning portion and Carlos on the post-exploitation side.


    Tenable Network Security Podcast - Episode 73

    Welcome to the Tenable Network Security Podcast - Episode 73

    Hosts: Paul Asadoorian, Product Evangelist, Carlos Perez, Lead Vulnerability Researcher and Ron Gula, Tenable CEO/CTO

    Announcements

    Stories

    • Outbound SSH Traffic from HP Blade Servers - In this case it appears to be a bug, but what if it wasn't? I believe we need to keep close tabs on network connections in our environment. I'm a huge fan of Netflow analysis, largely because if you are attacking anything on the network, you need to make a connection. It's a difficult thing to get around (provided you do not have physical access to a medium that is not being monitored, such as 3G or some other wireless protocol). Also, it raises a scary situation where devices are pre-owned, meaning that during the manufacturing process attackers placed backdoors on the systems. Network monitoring can help identify these channels. For example, you should be able to spot your networking gear's management interfaces attempting to make connections out to the Internet.


    Tenable Network Security Podcast - Episode 72

    Welcome to the Tenable Network Security Podcast - Episode 72

    Hosts: Paul Asadoorian, Product Evangelist and Carlos Perez, Lead Vulnerability Researcher

    Announcements

    Stories

    • Throwing Star LAN Tap - I have to admit, I'm a big fan of ninjas. Ever since I was a kid (in some ways I still am) I've been fascinated with ninjas. It's a combination of things that fuel my fascination: smoke bombs, swords, poison and, of course, throwing stars. Any time I can arm myself with a ninja-like tool that pertains to my job, I'm in. The LAN tap throwing stars allow you to monitor network traffic passively (e.g. there is no send, only receive) between a host and the network. This comes in handy for troubleshooting, forensics, and even to collect some data using Tenable's Passive Vulnerability Scanner.


    Tenable Network Security Podcast - Episode 71

    Welcome to the Tenable Network Security Podcast - Episode 71

    Hosts: Paul Asadoorian, Product Evangelist and Carlos Perez, Lead Vulnerability Researcher

    Announcements

    Stories

    • Security vulnerabilities galore in social networks - A new web site, www.socialnetworksecurity.org, has been created to document the ever-increasing vulnerabilities present in popular social networking sites such as Facebook. It seems that many sites, as will come as no great surprise, are vulnerable to things like XSS. I believe it's the nature of the beast: so many of these web sites are in a race to add features and functionality, and it's too time consuming for them to properly identify security vulnerabilities as they go along. I do hope that big web sites take a step back from the fast and furious pace and start to implement security, before they get too far down a path and end up with a site that requires a major overhaul to be "secure".


    Tenable Network Security Podcast - Episode 70

    Welcome to the Tenable Network Security Podcast - Episode 70

    Hosts: Paul Asadoorian, Product Evangelist and Carlos Perez, Lead Vulnerability Researcher

    Announcements

    Stories

    • Honeynet Project Releases PhoneyC - PhoneyC is a modular framework that enables the study of malicious HTTP pages and understands modern vulnerabilities and attacker techniques. Furthermore, PhoneyC emulates specific vulnerabilities to pinpoint the attack vector.


    Tenable Network Security Podcast - Episode 69

    Welcome to the Tenable Network Security Podcast - Episode 69

    Hosts: Paul Asadoorian, Product Evangelist, Ron Gula, CEO/CTO, and Carlos Perez, Lead Vulnerability Researcher

    Announcements

    Stories

    Download Tenable Podcast Episode 69


    Tenable Network Security Podcast - Episode 68

    Welcome to the Tenable Network Security Podcast - Episode 68

    Hosts: Paul Asadoorian, Product Evangelist, Ron Gula, CEO/CTO, and Carlos Perez, Lead Vulnerability Researcher

    Announcements

    Stories

    • Kaspersky Source Code Leaked - Turns out a former employee had distributed copies of the software. This is a tricky thing to defend against, since how do you know if one of your employees is stealing source code? Sure, many would say that you need to limit and control access to the source code, but you still need to allow the developers to access it. Now, antivirus software in particular probably gets a high bounty on the computer underground because if you could analyze the source code directly, you stand a better chance of making malware that is more resilient. The former employee of Kaspersky was arrested and sentenced to three years in prison.


    Tenable Network Security Podcast - Episode 67

    Welcome to the Tenable Network Security Podcast - Episode 67

    Hosts: Paul Asadoorian, Product Evangelist & Carlos Perez, Lead Vulnerability Researcher

    Announcements

    Stories

    • Shmoocon Preview - Twice the Mobile (in)Security - The trend has been heating up for a while now, and it's just about ready to boil over and send people screaming, panic stricken, as attackers take hold of their mobile devices. I believe Google's Android and Apple's iPhone have put the "smartphone" front and center as the most popular piece of technology we use in our everyday lives. For the attackers and the security community alike, this means we must find ways to hack it. The motives are of course different: the security community wants a safer place, and the attackers want to profit.


    Tenable Network Security Podcast - Episode 66

    Welcome to the Tenable Network Security Podcast - Episode 66

    Hosts: Paul Asadoorian, Product Evangelist

    Announcements



    Tenable Network Security Podcast - Episode 65

    Welcome to the Tenable Network Security Podcast - Episode 65

    Hosts: Paul Asadoorian, Product Evangelist & Carlos Perez, Lead Vulnerability Researcher

    Announcements


    Tenable Network Security Podcast - Episode 64

    Welcome to the Tenable Network Security Podcast - Episode 64

    Hosts: Paul Asadoorian, Product Evangelist, and Ron Gula, CEO/CTO

    Announcements



    Tenable Network Security Podcast - Episode 63

    Welcome to the Tenable Network Security Podcast - Episode 63

    Hosts: Paul Asadoorian, Product Evangelist & Carlos Perez, Lead Vulnerability Research Engineer

    Announcements



    Tenable Network Security Podcast - Episode 62

    Welcome to the Tenable Network Security Podcast - Episode 62

    Hosts: Paul Asadoorian, Product Evangelist

    Announcements



    Tenable Network Security Podcast - Episode 61

    Welcome to the Tenable Network Security Podcast - Episode 61

    Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

    Announcements
