Tenable Network Security Podcast Episode 121 – “Enterprise Netstat, OS X Trojans”

Welcome to the Tenable Network Security Podcast Episode 121

Announcements

New & Notable Plugins

Nessus:

Passive Vulnerability Scanner (PVS):

  • Real Networks RealPlayer < 14.0.6.666 (Build 12.0.1.666) Multiple Vulnerabilities – Sometimes you just have to install select software to make something work. This is one such example, where a video won’t play for a user, so they have to quickly install RealPlayer to make it work. Then they forget about it, and it’s never kept up-to-date.

  • TeamViewer detection – This software reminds me of PC Anywhere, or even better, GoToMyPC, all of which are just bad ideas. They work to bypass firewalls and give people access to their desktops. From a security perspective, this type of access has always led to risky situations, which are often taken advantage of by attackers.

SecurityCenter Report Templates:

  • Nessus Enhanced Botnet Detection – “The sample above was cut from one of three chapters and depicts the successful progress towards the removal of malicious software, and related configuration changes, measured by repetitive Nessus scanning over time. After the sharp upwards trend caused by initial malware detection there is a healthy downwards trend.”
  • TeamViewer Detection – “This template was designed to report hosts and network locations that have been observed using TeamViewer. The sample above was cut from one of two chapters in the template and points to the physical network locations where TeamViewer was observed in use.”

Stories

  1. Three No-Nos When Interviewing For an InfoSec Job – Some really funny stories here, like the interviewee who was hacking into the wireless network!
  2. USB drive uses voice recognition for increased security – I’m curious to see how (or if) this really works, a voice pattern to unlock your USB thumb drive. Very James Bond, but typically the security on these devices is bypassed some other way, getting around the “my voice is my password.” Though, I’ve always wanted to say, “Hi, my name is Werner Brandes. My voice is my passport. Verify Me.”
  3. WordPress fixes file upload security problems – WordPress is a scary place. If you must use it, make sure you have your own install, harden your PHP install, and use something like Mod_Security.
  4. Firefox skirts Windows security feature to make silent updates happen – UAC bypass to install updates!
  5. Monitor OS X LaunchAgents folders to help prevent malware attacks – There are a few different folders in OS X where software can reside in order to start automatically. These are a neat place to look, checking what gets placed there, similar to the auto-start registry keys on Windows.
  6. 15-year-old arrested for hacking 259 companies – How bad is website security when a 15-year-old can hack over 200 companies?
  7. XSS Shortening Cheatsheet « Neohapsis Labs – Pay attention to this if you are finding XSS and not able to exploit it or demonstrate it.
  8. The Trouble with IPv6
  9. Security Issues in IPv6 Transition
