Tenable Blog

Welcome to the Tenable Network Security Podcast - Episode 24

Announcements

• Two new blog posts have been released titled "Not Just for Health Care Providers Any More - HITECH for Business Partners" and Nessus Plugin Spotlight: Linksys Router Detection.
• Come see us at RSA - Booth #956! I, Ron Gula, Renaud Deraison and many others from Tenable will be there demonstrating SecurityCenter 4.0 along with Nessus 4.2, the latest Passive Vulnerability Scanner and the Log Correlation Engine.
• A webinar is scheduled for February 25, 2010 titled, "Finding and Stopping Advanced Persistent Threats" where Tenable CEO Ron Gula and Tenable CSO Marcus Ranum will discuss strategies for preventing, finding and eliminating advanced persistent threats in enterprise networks.
• You can provide feedback to this podcast and all of our social media outlets by visiting our discussions forum and adding messages to the "Tenable Social Media" thread. I would love to hear your feedback, questions, comments and suggestions! I put up a call for ideas on new Nessus videos, so please give us your feedback!
• We're hiring! - Visit the web site for more information about open positions, there are currently 7 open positions listed!
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics and more!

Embedded devices are often connected to a network with no regard given to security. The market has been saturated with devices such as web cameras, wireless routers, VoIP phones and more. Manufacturers are in a race to see who can produce the cheapest and most user-friendly device. Of course, when you make something cheap and easy to use, security is often one of the last considerations. We are left with consumer devices that come with default credentials, common web application vulnerabilities, and no encryption support on management protocols (HTTP vs. HTTPS, and Telnet vs. SSH).

The insecurity of embedded systems may not seem to be a big deal; what could someone possibly do if they compromised such a device? If the device is a router, the potential for traffic sniffing and DNS cache poisoning attacks are high. Other devices such as web cameras can be used to gather intelligence, used as jumping off points (such as printers as depicted in the book "Stealing the Network: How to Own a Continent") or even used as part of a botnet. There is one report of a botnet being built solely on embedded systems including wireless routers in particular. Vulnerable embedded systems are plentiful on the Internet, as uncovered by Columbia University researchers in October 2009 when they released vulnerability scanning data of 130 million IP addresses. Nearly 300,000 devices presented a management interface, with 21,000 of those devices using default passwords. I believe this poses a significant threat to our infrastructure and plan to talk in more detail about this topic at SOURCE Boston in April of this year. As I research embedded systems I regularly feed the Tenable research team information about my findings.

Announcements

• Two new blog posts have been released titled "Microsoft Patch Tuesday - February 2010 - "From Microsoft with Love" Edition" and Shmoocon 2010 Security Conference.
• A webinar is scheduled for February 25, 2010 titled, "Finding and Stopping Advanced Persistent Threats" where Tenable CEO Ron Gula and Tenable CSO Marcus Ranum will discuss strategies for preventing, finding and eliminating advanced persistent threats in enterprise networks.
• You can provide feedback to this podcast and all of our social media outlets by visiting our discussions forum and adding messages to the "Tenable Social Media" thread. I would love to hear your feedback, questions, comments, and suggestions! I put up a call for ideas on new Nessus videos, so please give us your feedback!
• We're hiring! - Visit the web site for more information about open positions, there are currently 12 open positions listed!
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics, and more!

Patch Tuesday Gives Birth to "Zombie Wednesday"

The Tenable research team spent the night writing 14 new plugins to check for the latest round of Microsoft patches. While many will have to schedule patch installations, those who run with full automatic updates enabled are theoretically all patched by now. However, it doesn't hurt to check with a quick Nessus patch audit.

Microsoft is in Love With the Word "Could"

There are several terms used by Microsoft throughout their advisories that spread uncertainty about the risk of the vulnerabilities presented. The excessive use of the world "could" is one such example. In the MS10-002 bulletin Microsoft states:

"An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

I “could” also win the lottery, inherit millions of dollars and walk on water. In the case of this exploit "could" is an exceptionally bad word choice as there are several example videos showcasing the exploit in action using open-source software. The other issue with the above statement is the obligatory "users with less rights on the system will be less impacted". Someone should tell the Microsoft PR team that there are two privilege escalation exploits on the list this month, and one has been widely publicized for almost a month. On that note, let’s take a closer look at the 14 bulletins and 26 vulnerabilities that were patched this month.

BERLIN/ZURICH (Reuters) - A Swiss lawmaker likened German attempts to buy data on cross-border tax evaders to bank robbery on Tuesday and the Swiss banking lobby said Berlin was acting as a receiver of stolen goods.

Reference: Swiss lawmaker accuses Berlin of "bank robbery"