Tenable Network Security Podcast - Episode 56

Welcome to the Tenable Network Security Podcast - Episode 56

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements

• Several new blog posts have been published this week, including:
  • Plugin Spotlight: D-Link DCC Protocol Security Bypass
• Be certain to check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials.
• We're hiring! - Visit the web site for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more!

Stories

• SCADA Vendors Still Need Security Wake Up Call - Security researcher and member of the Tenable Research Team Jeremy Brown brings light to vulnerabilities in SCADA systems. I have been observing this behavior from vendors for quite some time (and not just in SCADA) and that is they don't want to admit there is a problem. You can look at this two ways: if I want to take over the world and cause mass hysteria and carnage, I could write exploits for control systems and take them over. Then again, finding a 0-day vulnerability in Windows XP and writing an exploit for it could have the same results. However, the general "feeling" I get from SCADA vendors is they are very distant from the security culture and processes. This has to change.
• Cross-platform malware runs on Windows, Mac and Linux - This malware pretends to show you a video; it turns out it's a slide show from "Hot or Not" and in the background the malware installs a Java applet, asks you to trust it, and if you click "Allow" it downloads files to your computer and runs them. This is a very scary technique that has been most effective, both for penetration testers and evil bad guys alike.
• iPhone, meet Wireshark - Capturing Traffic from Mobile Devices - You could really do this with any mobile phone. It could be fun to open multiple applications and see what data they are sending and receiving, and identify if encryption is or isn't being used.
• BIOS Password Backdoors in Laptops - It really amazes me how vendors can just forget about security completely. According to this article, if you enter an incorrect BIOS password 3 times most systems will display a warning message that says "System Disabled" along with a checksum value. The checksum value can then be used to derive the real password via cracking methods published in several scripts released by the author.
• Evilgrade gets an upgrade - There are now 63 modules in the Evilgrade framework, allowing attackers to intercept the update process of several popular applications and install software of their choosing. You do need to be "in the middle" to make this attack happen, however it can easily bypass antivirus and give you access to fully patched systems, or even turn a fully patched system in to a not-so-fully-patched-system.
• [Insert Token Adobe Zero Day Vulnerability Warning Here] - End of message. No, seriously, there are more flaws being found in Adobe products, including Flash and Reader. My only suggestion is to take a look at FX's presentation from Black Hat 2010 called "Countering Flash Exploits". The overview is that they are working on software that looks at what an application does, such as Flash or a PDF document, then re-writing it and only allowing the functions that are being implemented. Think of it as a sandbox that is customized for every document and application. This technology has a good chance of creating a more secure computing environment for many.