Tenable Network Security Episode 109

Hosts

• Paul Asadoorian, Product Evangelist
• Carlos Perez, Lead Vulnerability Researcher
• Ron Gula, CEO/CTO

Announcements

• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. We recently added a 38-minute tutorial of Nessus, covering most of the basic features.
• We're hiring! - Visit the Tenable website for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
• Tenable has released Nessus plugin 57462 to detect that nasty FreeBSD TELNET bug we touched on last week.
• PVS plugin released to detect Google Chrome 16.0.912.75 Multiple Vulnerabilities
• Nessus plugin 57558 detects unsupported MySQL and feeds right into this dashboard.

Stories

• Five Principles to Better your Security Monitoring - I believe that knowing yourself is different from being able to get the data that you need in order to be successful. I know people love Sun Tzu and all, and I've even been known to make a reference to his philosophy, however this is not about knowing yourself. This is about working as a team and sharing information that makes sense. I've experienced this several times within organizations, and that is teams are working as their own little armies. The fact is that everyone needs to cooperate when it comes to security. Furthermore, knowing the terrain is a moving target, IT systems and landscape changes all the time, so while you may know it today, you may not tomorrow.
• Wireshark 1.4.x and 1.6.x Updates Close Security Holes - I've seen a long history of problems related to security with this tool. It stems from the fact that its parsing data, lots of different types of data, and sometimes not very well. I still tend to lean towards the command line tcpdump, but if you are using Wireshark, be certain to be on the latest version and consider running it on systems that have the least impact if compromised.
• PHP 5.3.9 Released with Hash DoS Fix - I used to think that DoS vulnerabilities were not a big deal. However, now that the entire world relies on the web for any number of things, these are a big deal.
• Recovering a Hacked Gmail Account - This can be a very time consuming process. The story goes into details of the attack, the emails to friends about being mugged overseas and needing money, etc... it begs the question of whether or not using cloud-based email is worth it. I am a huge fan of using it, but adding protections such as strong pass phrases, two-factor authentication, getting rid of the security question, and using PGP.
• 10 Years of Breach - I've heard of University breaches that have gone on for years without being detected, but this one takes the cake. They found that for 10 years attackers had planted viruses on university systems, until finally one day a monitoring system detected some behavior that led to an investigation. Ignoring security is a strange thing, if you ignore the problem everything will seem okay. Until one day when you find out about the problems and it's too late. However, the longer you let the problem go, the worse off you will be. Ten years is such a long time that there is no way to even tell who is affected. 10 years is a lot longer than most people attend college!
• Sysinternals Updates - Updated have been released for this tool, and there is a great story about how Mark fixed his Mom's computer over the holidays!
• PRC Targeting DoD Smart Cards - Never fails, when you adopt this awesome technology to secure things, people will attack it.
• Time to Check your DNS Settings? - The bad guys behind this botnet had infested approximately 4 million computers in more than 100 countries with malware called DNSChanger. This Trojan horse allowed them – among other things – to redirect requests of unsuspecting users to malicious or illegal destinations by altering their connection settings, namely the address of the DNS server - If you were to write malware to do just one evil thing, changing the DNS server may be on the top of the list.
• Windows Live May Be a Vulnerability for Xbox Live Users
• Zappos Says Hackers Accessed 24 Million Customers' Account Details - I was just commenting how awesome Zappos was to shop with, then this. However, after it blows over, will I still shop there?
• ACROS Security Blog: Is Your Online Bank Vulnerable to Currency Rounding Attacks? - Warning, lots of math here. However, some neat profiles of "Exploitation".