Tenable Network Security Podcast Episode 102

Hosts

• Paul Asadoorian, Product Evangelist
• Carlos Perez, Lead Vulnerability Researcher
• Jack Daniel, Product Manager

Announcements

• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials.
• We're hiring! - Visit the Tenable web site for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!

Stories

• Wi-Fi security do's and don'ts - I agree with most of the recommendations here. WEP is bad, WPA-PSK is not a good solution for businesses, and MAC address filtering is useless. However, WIPS is a bit overstated, and certainly Snort doesn't help you much. The fact is, if you run an open wireless network, it allows for several attacks at layer 2. I do recommend practical network security with respects to WiFi, and designing the network to be robust and manageable will certainly help. However, many think that implementing 802.11i and VPNs is all you need to do. I disagree; treat your WiFi network as hostile, assume clients are compromise and MiTM attacks are occurring, then secure it as such.
• CIA monitors up to 5 million tweets daily, report says - "A CIA team known internally as the "vengeful librarians" that numbers in the hundreds gathers information in multiple languages to build a real-time picture of the mood in various regions of the world." - I love the title. The technology used to monitor 5 million Tweets is interesting. I wish Twitter would monitor and do something about the evil things and spam that happens on Twitter.
• BOP Worried, Electronic Jail Cell Doors Vulnerable To Remote Hack - It's good to see this issue get attention. The details are light, but there was a Defcon presentation by the researchers and I've interviewed them on a podcast. The technology used by prisons to secure the doors appears to be susceptible to attacks.
• 'Nitro' hackers use stock malware to steal chemical, defense secrets - Computerworld - Attackers reportedly used Poison Ivy to compromise systems and steal intellectual property. I am familiar with this malware, and curious as to how it was able to evade even the most rudimentary defenses. Sure, you could configure it to be stealthy, but Poison Ivy tends to be somewhat loud on the systems and the network. We need to have a much better way to detect malware, especially on higher value targets.
• SecTools.Org Top Network Security Tools - Nessus takes the #3 spot, with Wireshark taking #1. This list was created and voted on by Nmap users.
• Homemade Hardware Keylogger/PHUKD Hybrid - Really neat post on how to create your own hardware key logger.
• Show Me Your DNS Logs, I’ll Learn about You! « /dev/random - Fun write-up of the analysis of the DNS logs from the 3rd annual BruCon conference. It was interesting to see that some people do not trust the DNS server provided by the ISP or conference service. You can also determine operating system type based on DNS requests to NTP servers, showing that many attendees were running Ubuntu Linux distributions. Requests to the WPAD domain leaked information about companies that owned the devices, Wordpress was the blog platform of choice, and Gmail remains king for email. There were many requests that were clearly typos, showing that "typo-squatting" could prove useful for attackers.
• Adidas Websites Hit With ‘Sophisticated’ Hack - A so-called "sophisticated" attack that didn't gain access to customer information. What did they gain access to, company secrets?
• Microsoft releases Security Advisory 2639658 - The kernel bug that "Duqu" used has been fixed.