Tenable Network Security Podcast - Episode 41

Welcome to the Tenable Network Security Podcast - Episode 41

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements

• Several new blog posts have been published this week, including:
  • Research Spotlight: The Evil That Bots Do
  • Event Analysis Training - Analyzing Outbound SQL Queries
• New Nessus training is now being offered at conferences! - The new course titled "Advanced Vulnerability Scanning Techniques Using Nessus" is now being offered at both Black Hat Las Vegas 2010 and BruCon 2010. It's a two-day course that will put students into a real-world environment where they will have to solve problems and identify vulnerabilities using the advanced features of the Nessus vulnerability scanner.
  
• Be certain to check out our video channel on YouTube that contains the latest Nessus tutorials.


• We're hiring! - Visit the web site for more information about open positions. There are currently 10 open positions listed, including a Digital/Web Strategy Coordinator.


• You can subscribe to the Tenable Network Security Podcast on iTunes!


• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more!

Stories

• Social Security Number Format - Some interesting information about the Social Security number. I think it's important for us, meaning security professionals, to understand how the number is used, formatted, and what the numbers mean. For example, the first three digits of the SSN indicate in which state your card was issued (for the most part) and the last four are used for many things, so deductive reasoning and some guessing could lead to your SSN being "cracked".
• CiscoWorks TFTP directory traversal exploit - This is a good example why you should take the vendor's description and impact of a vulnerability with a grain of salt (or maybe a whole box of salt). Cisco says, "A successful exploitation of this vulnerability may allow an attacker unauthorized access to view or modify application and host operating system files. Modification of some system files could result in a denial of service condition." The blog post linked to above tells a different story, and shows how to remotely upload files to gain remote command execution. If this is your CiscoWorks server, it means the attacker can control the devices on your network that are reporting to it, including obtaining management keys (SSH/Telnet/SNMP).
• Stored XSS Vulnerability on YouTube - Stored XSS (or persistent XSS) is worrisome for a few, ignored by many, and deadly for attackers. The ability to execute code in someone's browser in the context of a site they "trust" is very powerful. Dave Kennedy has developed some code that allows you to include a Java applet that runs executables on a person's system and finds it very successful when penetration testing.
• Tabnapping Attack On The Increase - This is a really neat attack that takes advantage of tabs in most browsers. Tabs are awesome, but in this case are being used against the user, mostly to steal credentials.
• Stego beats NSA detection - Pretty neat story of Russian spies getting caught (I mean, anything with Russian spies is fun stuff ala James Bond!). Turns out they were using information hidden in images (steganography) to hide information.
• Adobe's protection against embedded scripts incomplete - Apparently double quotes can be used to bypass the checks put in place by Adobe to prevent script execution.