Tenable Network Security Podcast - Episode 44

Welcome to the Tenable Network Security Podcast - Episode 44

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements

• Several new blog posts have been published this week, including:
  • Scanning Large Networks with Nessus
  • Plugin Highlight - Web Application Tests : Load Estimation (ID 33817)
  • 10 Devices Attackers May Think About Attacking
• New Nessus training is now being offered at conferences! - The new course titled "Advanced Vulnerability Scanning Techniques Using Nessus" will be at BruCon 2010. It's a two-day course that will put students into a real-world environment where they will have to solve problems and identify vulnerabilities using the advanced features of the Nessus vulnerability scanner.
  
• Be certain to check out our video channel on YouTube that contains the latest Nessus tutorials.


• We're hiring! - Visit the web site for more information about open positions. There are currently 8 open positions listed, including a Digital/Web Strategy Coordinator.


• You can subscribe to the Tenable Network Security Podcast on iTunes!


• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, list Nessus plugin statistics and more!

Stories

• More Badge Hacking Fun! - Dennis Brown had some fun with the Ninja Party badges, which all used ZigBee with little authentication, meaning you could change player levels and messages on other people's badges.
• GSM Catcher gets a run at Defcon - I saw a Tweet this weekend that describes GSM as Telnet and 3G as SSH. This is pretty scary as GSM is still in widespread use.
• VxWorks Vulnerability Details Released - VxWorks is a very popular embedded operating system. Vulnerabilities were recently discovered that allow a remote attacker to read memory from a device over a UDP port. This also allows you to gain access to the device and trivially crack the password hash that uses proprietary encryption (which is a no-no). I also found this to be the scariest part: "it became obvious that an unknown party had already spent most of 2006 scanning for this service". While we all hem and haw about disclosure, I've always had a sneaking suspicion that the real bad guys are one step ahead of us, and in this case they were about four years ahead.
• Malware for Nintendo DS and Wii - Researchers demonstrated how they could upload code into these devices and then in turn cause them to attack the network. Most people don't think about their gaming console getting a "virus", but I am glad someone is doing this research and publishing it because I've always speculated about this attack vector.
• Android Rootkit - Really cool use cases, like reading all phone history and text messages, make calls on the phone without the user knowing (e.g. 900 numbers). The rootkit is a Linux kernel module that can hide its presence.
• Marcus Ranum: Be Serious About "Cybersecurity" - Pretty neat interview with Marcus covering a lot of different topics. One thing that bothers me though is the two-factor authentication and using to protect endpoints. I think if the endpoint is compromised, it doesn't matter how many factors of authentication you have: your data is compromised. Since I can compromise an endpoint and gain direct access to memory, the network traffic, and keyboard strokes it means I can bypass all the security you have in place.