Tenable Network Security Podcast Episode 132 - "Default Passwords, Evil QR Codes"

Announcements

• We're hiring! - Visit the Tenable website for more information about open positions.
• Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials.
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
• You can subscribe to the Tenable Network Security Podcast on iTunes!

New & Notable Plugins

Nessus

• Microsoft IIS 6.0 PHP NTFS Stream Authentication Bypass - Using an alternative data stream, attackers are able to access PHP files which are otherwise protected. This is accomplished by accessing a file using the following name: "filename.php::$INDEX_ALLOCATION" as it is the functional equivalent of "filename.php".
• VMware Fusion 4.x Less Than 4.1.3 Vulnerabilities - "Due to a flaw in the virtual floppy configuration it is possible to perform an out-of-bounds memory write. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host." Do many still use a virtual floppy disk?
• Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution - "Such versions are potentially affected by an arbitrary code execution vulnerability." Potentially? I really wish vendors would do a better job of further qualifying the risk of exploitation. Upgrading all of your clients is not an easy task, and security folks may have a tough time convincing administrators to push out a fix if the risk is not a reality.
• MacOSX Cisco AnyConnect Secure Mobility Client Multiple Vulnerabilities - Looks like these problems exist on OS X as well. The AnyConnect client does not validate binary downloads, allowing an attacker to execute code.
• Symantec Message Filter Management Interface Default Credentials - I believe one of the security measures that gives you the most bang for your buck is to make certain all of your management interfaces are not using default or easily-guessable credentials.
• IBM Lotus Domino Password Protected DB Enumeration - Tools exist in the popular Metasploit framework to brute force this password.
• Basilic diff.php Command Injection - "Basilic, a bibliography server for research laboratories, has a command injection vulnerability."
• HP System Management Homepage Less Than 7.1.1 Vulnerabilities - This update files a long list of vulnerabilities.
• IrfanView JPEG-2000 Plugin Remote Stack-based Buffer Overflow - Remote code execution triggered by opening JP2 files.
• Cisco WebEx ARF Player Buffer Overflow - I suppose you could host an "evil" webcast and trigger this buffer overflow condition!

Passive Vulnerability Scanner

• Google Chrome Less Than 20.0.1132.43 Vulnerabilities - This update covers multiple platforms, such as Linux x64. Nice to detect it over the network!
• Firewall/Proxy detection - When monitoring a network, I found it interesting to detect the unmanaged firewalls and proxies.

SecurityCenter Dashboards

• Malicious Process Detection - This dashboard was designed to be used with the Malicious Process Detection in Nessus including the plugin update to divide results into malware and potentially unwanted sofware.

Compliance Checks

• New CIS Red Hat EL6 Audit Policies - New CIS audit policies that implement a majority of the Level I and II configuration checks from the CIS Red Hat Enterprise Linux 6 v1.0.0 for RHEL6 systems are now available on the Tenable Support Portal.

Stories

1. Botnet infections in the enterprise have experts advocating less automation - "Stewart and other security experts say many businesses are far too reliant on automated systems; big security appliances such as intrusion prevention and detection systems designed to monitor network traffic. They’re calling for enterprises to instead hire skilled IT security pros to proactively monitor those systems and investigate issues. The approach, they say, improves the security systems already deployed in most enterprises by addressing and isolating issues before they become a serious problem."
2. DNSchanger shutdown may kick 300,000 offline on Monday - Do YOU still have access to the Internet?
3. The Dark Side of QR Codes - "Your best defense, use common sense. Don't scan QR codes randomly found on the street or buildings. If you have to ask yourself who might have made this code, it's probably best to pass." When it comes to the security of your computer or smartphone, that's one area where people seem to be lacking a great deal -- common sense. Okay, that's a bit harsh. Rather, it's educating folks about the risk and letting them make an informed decision. However, I can assure you they will still scan random QR codes out of curiosity.
4. Computer error triggers mass rocket launch - "The pyrotechnics were meant to last 18 minutes. Instead, the whole show was over in roughly 15 seconds, after a deafening display that saw all five launch sites blast their missiles into the air simultaneously." Could hackers be to blame? They go on to say, "They were scheduled to be programmed for 15-16 minutes, and somehow, some sort of virus must have got into the program." Funny part is, you can still hear people cheering in the background.
5. Black Hat USA 2012 Top Picks