Tenable Network Security Podcast - Episode 58

Welcome to the Tenable Network Security Podcast - Episode 58

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements

• Several new blog posts have been published this week, including:
  • Advanced SIEM Webinar Series - November through December
  • Nessus 4.4 Introduction Webinar - November 17th 1:00PM EST
  • Nessus 4.4.0 Released!
  • Microsoft Patch Tuesday Roundup - November 2010 - "Stuck In The Mud" Edition
  • Advanced Web Application Scanning Using Nessus Video

• Be certain to check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials.


• We're hiring! - Visit the web site for more information about open positions.


• You can subscribe to the Tenable Network Security Podcast on iTunes!


• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more!

News Stories & Articles

• 4 Reasons Why You Should Upgrade To Nessus 4.4.0 (Digital Bond) - Nice post from the folks over at Digital Bond! It outlines some of the major new features and some (like the ability to cipher the Nessus data) that you may have missed. Of course the big feature is scheduling!
• New Google Hacking Database Being Hosted and Maintained by Exploit-DB - So glad to see this back! GHDB has been a great source of information for identifying exposed information indexed by Google. The new interface is slick and there is a description of each "Dork" with a direct link to execute that search. This may be a good time to review your robots.txt entries.
• Can't we all just use the same WPA-PSK and be safe? - No, and no, and oh wait, a thousand times NO. On a WPA-PSK network everyone shares the key, and this means everyone can eavesdrop on each other. Nice job of this article pointing out flaws in another article that was suggesting we all agree on a WPA-PSK value, such as "free", to protect ourselves from Firesheep!
• How to secure your centos - I just have to say, this is a great web site with lots of useful tips on hardening CentOS. I've really been liking CentOS lately, and as Debian frustrates me even more, I am gravitating towards CentOS for my Linux server deployments. Also, Tenable's enterprise products have excellent coverage for CentOS.
• All-In-One ATM Skimmers - This article outlines some of the features sought after by ATM card skimmers, who stand to make some decent money. However, they do have to physically visit the machine if they are using this device. Brian Krebs does a lot of great work in the area of uncovering how the bad guys are operating. I think its important for us to understand physical security and how it interacts with data security.
• Searching for Sensitive Data Using URL Shorteners - Ever wonder what type of URLs people shorten? Well, the author of this post did and wrote a script to pull shortened URLs, and to no one's surprise, found sensitive information and other interesting things.