
Tenable Network Security Podcast - Episode 123

Category: Technology
Publish Date: 2012-05-08 12:56:06
Description:

Welcome to the Tenable Network Security Podcast Episode 123

Announcements

New & Notable Plugins

Nessus

  • CiscoWorks Common Services HTTP Response Splitting - HTTP response splitting is a tricky vulnerability, and therefore may be dismissed by some as not important. It's important to note that, essentially, it can give attackers control of a web application if they can convince users to click on a link or load HTML code in their browser. It's also important to note that CiscoWorks is used by many to manage the entire network infrastructure. My attack against this software would aim to steal the SNMP or other credentials on all the network gear in your network.
  • MediaWiki Multiple Vulnerabilities - Important updates for this software if you are running MediaWiki, a very popular Wiki software that also runs Wikipedia.
  • VMware Workstation, Player, ESXi and ESX Critical Patches - "This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host." - Any vulnerability that allows an attacker to execute code on the host system of your VMs should get the highest priority on your patch list.
  • PHP Unsupported Version Detection - Keep up-to-date with your PHP releases! Easier said than done, as some developers will write applications that lock you into a specific version, which makes upgrading a much slower process.
  • RuggedOS Telnet Server Backdoor - This one has been featured in the press lately. I'm confused as to why the MAC address would be displayed in the TELNET banner.
  • Scrutinizer Multiple SQLi Vulnerabilities - Scrutinizer is used to manage NetFlow data, and SQLi bugs are ones you don't want to see in this type of application.

Passive Vulnerability Scanner (PVS)

  • Usenet File Detection (.nzb) - "The remote web server is hosting .nzb files. NZB files are used by USENET clients to download large files." If you want to know if your network is participating in hosting USENET, this is the signature for you.
  • Polycom VoIP Client Detection - VoIP software has had its share of vulnerabilities, and making sure it only exists where you want it to exist is part of good network management.

SecurityCenter Report Templates

  • Adobe Readers and Players - It seems each week there is a new vulnerability exposed for either Adobe Reader or Adobe Flash. This report will provide you with your total exposure across both products.

SecurityCenter Dashboards

  • DNSChanger Monitoring - This dashboard is a snapshot of which systems Nessus and PVS have discovered with DNSChanger malware, and provides a comprehensive look at your current state of infection.

Compliance Checks

Stories

  1. VMware Backdoor Response Uninitialized Memory Potential VM Break - When I review a vulnerability disclosure I like to pay attention to the dates. That is, the date the vendor was notified and the date the information was published. In this case: "Reported: December 5, 2011" and "Published: May 3, 2012". Not too shabby all things considered, such as what it might take to implement a code fix in VMware.
  2. Stupid Human Tricks: Security Job Interviews - Some really great quotes, such as "In my last job I used Nexxus a lot". Now editors of this post please note this is an actual quote, and yes, someone said "Nexxus" instead of "Nessus"!
  3. RuggedCom will block industrial control backdoor - Two things about this situation I wanted to point out, for one: "A year after it was first discovered, a backdoor in industrial networking kit from Canadian RuggedCom is to be fixed – sometime soon." I believe they need to have a date set for the fix to be released. And then this:
  4. FTP a Dead Protocol or Very Much Alive? - "One thing that can be done is to segregate FTP traffic on your network by creating a VLAN for that particular traffic. Another thing is to turn off FTP on any workstation. One of the most important steps is to move to a secure protocol like SFTP that uses SSH and has a form of encryption to keep sensitive data safe; also make sure that you are logging all traffic to and from the FTP servers." I don't so much agree with segmentation. It just takes the problem and moves it to a different part of your network, without really solving it. Turning off FTP on the workstations is a good idea, but you better make sure you have measures in place for continuous monitoring. SSH and SFTP are great ideas as well, but a pipe dream until Microsoft ships an operating system with an implementation of OpenSSH.
  5. OS X Lion update exposes encryption passwords - The password used to encrypt your hard drives in OS X can be displayed in plain-text. This means the attacker can encrypt your drive, and then change the password. Whoops!
  6. From LOW to PWNED [6] SharePoint - Great point about open shares: they are fountains of information.
