Tenable Network Security Podcast Episode 101

Hosts

• Paul Asadoorian, Product Evangelist
• Carlos Perez, Lead Vulnerability Researcher
• Jack Daniel, Product Manager

Announcements

• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials.
• We're hiring! - Visit the Tenable web site for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!

Stories

• Chasing APT: Persistence Pays Off - One of my greatest concerns that this article reminded me of is the risk to small business. And by small I mean the number of employees, not how much money they manage. You could likely construct a lucrative business attacking small firms that manage a LOT of money, but are small and have no dedicated IT team, let alone a dedicated security person.
• Exposing the Market for Stolen Credit Cards Data - Maybe its just me but given that this article states "Liberty Reserve is the payment option of choice for the majority of the portals" can't you just follow the money and/or go after the organizations that are allowing the transactions? I'm sure its far more complicated than that, but just a thought. I'm sure that when targeting drug cartels and organized crime similar avenues are explored.
• EFF on HTTPS - Great quote from this article: "In short: there are a lot of ways to break HTTPS/TLS/SSL today, even when websites do everything right." So true! There has to be a better way to get this SSL thing fixed. One suggestion from folks at the EFF was to have users rank SSL certificate authorities to build public trust into SSL.
• US observation satellites hacked - I love this: "The article states that the nature of the attack appears to point to the Chinese military, though it stops short of making a direct accusation." Everyone is always quick to blame the Chinese, likely because people are saying "Well, if anyone would want to hack into a satellite it would be them". I'm saying who wouldn't want to hack into a satellite, thats so cool!
• Cisco WebEx Player Buffer Overflows Let Remote Users Execute Arbitrary Code - Webex is popular software, and if you were to hold a webinar and tell people they get something for free, you could probably compromise a lot of systems with this vulnerability.
• 6 Deadly Enterprise Security Mistakes - I have to say, usually when I see articles like this, I take the opportunity to rip them to shreds. I will not do that with this article because I agree with it 110%. Nicely done.
• Hackers could have TAKEN OVER Amazon Web Services - Imagine if you could take over the cloud, would that make you God for a day?
• The 8 Craziest YouTube Account Hacks - This is just fun and covers "Beiber Fever" and "Hanna Montana faking her death". Just doesn't get any better than this!
• Why You Still Can’t Teach a Machine to Hack - I wanted to again explore the debate over automation versus manual testing.
• US Government Regulations on Piracy