Tenable Network Security Podcast - Episode 45
Welcome to the Tenable Network Security Podcast - Episode 45
Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst
Announcements
- Several new blog posts have been published this week, including:
- The new course titled "Advanced Vulnerability Scanning Techniques Using Nessus" is now being offered at BruCon 2010. It's a two-day course that will put students into a real-world environment where they will have to solve problems and identify vulnerabilities using the advanced features of the Nessus vulnerability scanner.
- Be certain to check out our video channel on YouTube that contains the latest Nessus tutorials.
- We're hiring! - Visit the web site for more information about open positions. There are currently 10 open positions listed:
- Sales Engineer
- Regional Sales Manager
- Inside Sales Representative
- Tenable Nessus Trainer
- Customer Support Engineer
- Quality Assurance Analyst/Engineer
- Compliance Auditor
- Vulnerability Research Engineer
- Linux Appliance Engineer
- Flex/Flash Developer
- You can subscribe to the Tenable Network Security Podcast on iTunes!
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics and more!
Stories
- Crack The Hashes! - There are several tools available to crack hashes, including John The Ripper and Ophcrack. This new tool called "Hashcat" looks really nice! It's able to crack multiple hashes (MD5, SHA, MySQL, NTLM, etc.), is multi-threaded, and claims a high rate of password cracking. I think it's important to note that someone could easily buy a fast server "in the cloud" and use this software to crack lots of passwords, lowing the time and cost associated with password cracking. This should cause you to implement more and better defenses than just an MD5 hashes password protecting your database. Don't forget to check out oclHashcat which uses graphics cards' CPU to crack the passwords!
- Tinkering With Registry Allows LNK Patch to install on XP SP2 - Neat little trick! Of course, you could just install SP3...
- Windows Kernel Bug 0-Day - Exploitable? - I tend not to base my risk decision too much on the "exploitability" factor. The truth is there could be people out there with the knowledge and skills to exploit a vulnerability that most are saying is next to impossible to exploit. Also, maybe they are just stringing us along and really do have a working exploit. In any case, if there is a bug or vulnerability, it should be patched. If patches break things, well, you should test them first. If you run software that is easily broken by a patch, then you should buy new software because there is a greater risk (and cost) of running bad software to run your business then there is that it will be exploited.
- "Smartphone Security" - First, what the heck is a smart phone? I heard someone ask the question earlier today, and I began to think about that it really was. At the end of the day, a smartphone a computer with a cell phone built-in. I mean, its clunky to carry around a laptop and hold it to your ear to talk, so they just made them smaller. In all facets, it's just a small computer. In that sense, it should come as no surprise that it will be attacked just like your computer. Chris Wysopal stated that smartphones are now at the point the PC was in 1999. Amen brother, this is just the beginning.
- Auditing your Kiosks - iKat is a great tool to audit your Internet terminals and Kiosks. It's a web site that you browse to when using a kiosk and provides several different ways to break-out of the kiosk environment and get to the operating system. The new version adds some features, such as newer exploits, Silverlight, and an "emo-kiosking" which crashes the kiosk in an attempt to break out. I suggest that organizations use this tool in your lab to test how difficult (or easy) it would be for someone to walk up to one of these machines and install malware on it or use it to attack the rest of the network.
- Fuzzing Barcode Readers With LED - This is so cool: "The LED is turned on for sections of the barcode that should be white (this simulates reflected light), and off for black sections of the barcode (very little reflected light)." It could be a really neat kind of attack if you could create a barcode that were to inject malicious code into the system. You could create barcodes and stick them anywhere, hoping to get your code to run!
Related Articles
- Podcast