Tenable Network Security Podcast 110

Welcome to the Tenable Network Security Podcast Episode 110

Hosts

• Paul Asadoorian, Product Evangelist
• Carlos Perez, Lead Vulnerability Researcher
• Ron Gula, CEO/CTO
• Jack Daniel, Product Manager

Announcements

• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. We recently added a 38-minute tutorial of Nessus, covering most of the basic features.
• We're hiring! - Visit the Tenable website for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
• PVS 3.6.0 for Linux now Available - Added the "Strip VLAN tags" setting to ignore the VLAN header, Nessus V2 report output format support, Deprecated the "failure-threshold" configuration setting, Improved stability when parsing PASL scripts, New license format (Requires a new license)

New & Notable plugins

• Use Nessus to find XSS and HTML Injection Vulnerabilities in your Cacti servers 0.8.7g
• Use Nessus to detect when SMB signing is disabled on your Windows hosts
• Detect vulnerabilities in Oracle databases from the January 2012 critical patch update with Nessus
• Detect the latest PHP denial of service vulnerability (CVE-2011-4566, CVE-2011-4885) with PVS

Interview: Dale Peterson of Digital Bond

Dale is an internationally-renowned SCADA security technologist and is responsible for a large amount of the available technical SCADA security content. In addition to his widely read SCADA security blog, Dale has written two Protection Profiles for NIST’s PCSRF, many whitepapers, magazine articles and presentations.

1. What is S4 and how did the conference go this year?
2. What were some of your favorite talks from S4 this year?
3. Vendors in the SCADA industry come under heavy fire from several in the security community. What can we do to help improve this siutation?
4. Have industrial systems gotten more resilient over time? For example, are they able to be scanned across the network or are local checks still preferred?
5. Recenty our respective research teams worked on creating several new Nessus and PVS plugins for several SCADA vulnerabilities. What are some of the vendors and products that have been added?
6. What is Project Basecamp?
7. Tell us about some of the other projects at Digital Bond, such as SCADApedia, Bandolier, Portaledge, and Quickdraw SCADA IDS

Stories

• Hacking critical infrastructure systems now as easy as pushing a button?
• Quantum physics enables perfectly secure cloud computing
• ‘Citadel’ Trojan Touts Trouble-Ticket System
• Mozilla pushes browser-based alternative to passwords
• Security Manager's Journal: You can't secure every employee's home

Download Tenable Network Security Podcast 110 (mp3)