Network Security Podcast, Episode 188, March 9, 2010
Time:  32:01

Show Notes:

• Great coverage of Martin’s RSA panel on disclosure. One of the first with an actual user on the panel.
• Government declassifies parts of the Comprehensive National Cybersecurity Initiative.
• Police get webcam pictures in school spy cases.
• Experts dismiss end to end encryption claims. Bunch of gross generalizations.
• Oops- Vodaphone distributes infected phone.
• … and Energizer distributes malware in USB battery software.
• Tonight’s music: 

NSP-RSAC2010-Sourcefire.mp3

NSP-RSAC2010-ISC2.mp3

NSP-RSAC2010-KasperskeyLab.mp3

NSP-RSAC2010-AstaroSecurity.mp3

NSP-RSAC2010-FSecure.mp3

* I’m with @CSOAndy who believe the A in APT should stand for Adaptive, not Advance.  It’s much more descriptive of what’s really happening.

NSP-RSAC2010-PandaSecurity.mp3

NSP-RSAC2010-ICSALabs.mp3

Announcements

• Two new blog posts have been released titled "Implementing Perimeter Intrusion Detection" and SecurityCenter 4 Introduction". Also, Nessus 4.2.1 was released with support for Solaris and some significant performance enhancements.
• Come see us at RSA - Booth #956! I, Ron Gula, Renaud Deraison and many others from Tenable will be there demonstrating SecurityCenter 4.0 along with Nessus 4.2, the latest Passive Vulnerability Scanner and the Log Correlation Engine.
• The webinar performed on February 25, 2010 titled, "Finding and Stopping Advanced Persistent Threats" in which Tenable CEO Ron Gula and Tenable CSO Marcus Ranum discussed strategies for preventing, finding and eliminating advanced persistent threats in enterprise networks is available for download.
• You can provide feedback to this podcast and all of our social media outlets by visiting our discussions forum and adding messages to the "Tenable Social Media" thread. I would love to hear your feedback, questions, comments and suggestions! I put up a call for ideas on new Nessus videos, so please give us your feedback!


• We're hiring! - Visit the web site for more information about open positions, there are currently 7 open positions listed!


• You can subscribe to the Tenable Network Security Podcast on iTunes!


• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics and more!

Stories

• Detecting the TDSS/TDL3/Tidserv rootkit with Nessus (Login Required) - This is really great usage of an audit file! It searches the Windows registry for keys associated with the rootkits and alerts on it. This is the rootkit that was causing the "Blue Screen Of Death" problems when users applied some of the recent Microsoft patches. Nessus ProfessionalFeed customers can download the audit file and use it to detect this rootkit in your environment before applying the patches from Microsoft.
• New Internet Explorer Vulnerability - This is perhaps one of my favorite vulnerability write-ups in a long time. First it states, "a user on the target system needs to be convinced to press the F1 key in response to a pop up dialog box on a specifically prepared website" and then goes on to say "As of now all users need to remember is to not press F1 when they are accessing websites." Can we just remove the F1 key from the keyboard?
• SCADA Devices on Verizon and Other Wireless Networks - This is interesting, as I have been doing some of my own research in this area. Many SCADA security tactics rely on the so-called "air-gapped" network. This usually does not work out so well when stuff needs to actually talk to other stuff. So slowly they creep onto the network, but since the assumption is that it's "Air-gapped" no one really bothers to look for these devices on the network. Also, since it's a "harmless" embedded system people will assume that they do not have to secure it, so they leave default passwords. This is just a bad combination! Take time to secure everything in your environment and apply your security strategy to all systems, even the embedded ones.
• GuestStealer Information Wrapup - This is a great summary post of all of the information surrounding the guest stealing vulnerability released at Shmoocon. Nessus was used to detect a directory traversal vulnerability that lead to multiple vulnerabilities in VMware systems that could allow an attacker access to download the entire collection of guest operating systems on the host. Nessus has new checks that look for this specific vulnerability as well.

Download Tenable Podcast Episode 25

NSP-RSAC2010-VoltageSecurity.mp3

Listen in as we discuss Sunbelt Software’s CWSandbox and other products, along with in-depth malware detection and analysis!

#BSidesSF – Tuesday/Wednesday, March 2-3, 2010 @ 10am – 5pm
#BSidesAustin – Saturday, March 13, 2010
#BSidesBOS – Saturday/Sunday, April 24-25, 2010
Chat with us on IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner – @anthonygartner
Christopher Mills – @thechrisam
Chris Gerling – @chrisgerling
Jason Mueller – @securabit_jay
Andrew Borel – @andrew_secbit

Guests:
Brian Jack – Sunbelt Software
Chad Loeven – Sunbelt Software

Links:

http://www.sunbeltsoftware.com/

http://www.sunbeltsoftware.com/Malware-Research-Analysis-Tools/Sunbelt-CWSandbox/

http://www.securitybsides.com/

On the 47th episode of The Silver Bullet Security Podcast, Gary calls in from Leuven, Belgium to chat with childhood friend and security expert Greg Morrisett. Greg is the Allen B. Cutting Professor of Computer Science and Associate Dean for Computer Science and Engineering in the School of Engineering and Applied Sciences at Harvard University. Gary and Greg discuss the relationship between security and programming languages, why the choice of a good programming language (and/or VM) is more important than code review, sensor networks and security, information control, and Gary and Greg’s most embarrassing moment from adolescence.

• Greg Morrisett
• The Center for Research on Computation and Society
• Ynot
• RoboBees
• NoBot
• GoNative