Tenable Network Security Podcast - Episode 12

Welcome to the Tenable Network Security Podcast - Episode 12

Announcements

• A new blog post has been released that covers my experiences scanning Windows 7 with the latest version of Nessus 4.2 (yet to be released).
• Tenable in the news: Marcus Ranum Presents "Internet Nails" at TED, A Review of Nessus published by SC Magazine "Everyone needs a good network vulnerability scanner " was published
• Marcus Ranum was named one of the "industry pioneers" in a recent SC Magazine article, and Ron Gula was named in an article about market entrepreneurs also published by SC Magazine
• We're hiring! - Visit the web site for more information about open positions, there are currently 14 open positions! We also have a new Facebook Group called Tenable Security Is Hiring where you can go to get more information about open positions (Requires Facebook account to view)
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics, and more!

Interview: Marcus Carey - Dojocon/Dojosec

Marcus J. Carey supporting good causes like Hackers For Charity.

Marcus is the Director of Innovation at Saecur, an Information Assurance Architect, Inventor, Knowledge Transfer Expert, Mentor, and Speaker. He has created a monthly security briefing program called "Dojosec", and just recently launched the first yearly security conference to accompany the monthly briefings called "Dojocon".

Stories

• Spammer How-To Guide Leaked! - Cyber criminals made an "oops" that allowed users to download manuals containing instructions on how to conduct spamming attacks. The information included "how they use SEO optimization to achieve top rankings on search engines, and how they trick CAPTCHA. You can learn how to use Xrumer and Hrefer, two ideal spamming tools."
• The "Responsible Disclosure" Debate Continues - While the debate rages on between security researchers and vendors about what "Responsible" really means in this context, the fact remains that vulnerabilities are discovered, reported, and not patched. If you don't believe me, check out the ZDI initiatives pages of "upcoming advisories". It lists the vulnerabilities that have been reported, which vendor is responsible for the software, and how long it is taking to patch.
• Microsoft Issues Advisory on Windows 7 Security Bug - A new bug in the SMB protocol has been uncovered by security researcher Laurent Gaffie. Proof of concept code has been posted and is known to cause a denial of service condition on Windows 7 systems. Microsoft has released an advisory and is working on a patch.
• Good Social Engineering Article to Share With End Users - While attackers and penetration testers will use social engineering to break into your networks and access sensitive information, its important for end users to be educated about these attacks. In the same way you raise awareness surrounding email phishing scams or the latest malware, its important to raise awareness about social engineering. The examples in this article are well done, including this little story which highlights how "angry people" can slip past your defenses: "A good real world example of this is my buddy wanted to sneak some alcohol into an amusement park. The park has a guard station to check the bags and a wand to detect metal. My buddy started up a heated fight with his wife before they walked up and the guards just waved them by the checkpoint without checking or wanding them!"

Tenable Events

• 2009 OWASP Application Security Conference in Washington, DC at the Walter E. Washington Convention Center on November 10-13th, 2009
- Quote from our very own CEO: "I had a good time showing SC 3, SC 4 and Nessus 4.2 to folks at the OWASP conference last week. I really feel the combination of web app auditing with Nessus, web log monitoring with LCE and things like process accounting and MD5 checksum analysis of logs was much more than folks were expecting from Tenable at the show."