Tenable Blog

Announcements

• Predicting Attack Paths - Tenable has published a technical paper titled "Predicting Attack Paths." The paper describes how to leverage active and passive vulnerability discovery technology to identify in real time Internet-facing services, systems, and clients on your network which can be exploited in a variety of scenarios.
• Tech Tip: If you are running Nessus on Backtrack 5, consider using Google Chrome as your web browser. It runs Flash seamlessly and works great with Nessus. Firefox has some issues with Flash, and some people recommend the "Flashaid" extension.
• Tenable Network Security Certified as Approved Scanning Vendor (ASV) by PCI Security Standards Council.
• Available for download in the Tenable Support Portal: "The Tenable Event Correlation Paper."
• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The "Top Ten Things You Didn't Know About Nessus" videos have been posted from #10 through #2, so check them out!
• We're hiring! - Visit the Tenable website for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!

New & Notable Plugins

Nessus:

• Zenphoto viewer_size_image_saved Cookie Value eval() Call Remote PHP Code Execution - "In the file 'zp-core/zp-extensions/viewer_size_image.php' the value of the cookie 'viewer_size_image_saved' is not properly sanitized before being used in an 'eval()' call. This can allow arbitrary PHP code to be executed on the server."
• Tivoli Provisioning Manager Express for Software Distribution Multiple SQL Injections - These particular SQL injection bugs allow an attacker to compromise your Tivoli management server, which is a critical asset and likely contains information on all of your systems, and even allows you to install software on remote systems. Also, the fix is not so easy: "There is no replacement for Tivoli Provisioning Manager Express for Software Distribution. IBM recommends installing Tivoli Endpoint Manager for Lifecycle Management v8.1 or later."
• Microsoft Windows Startup Software Enumeration - Searches two registry keys and reports back the software contained in each key that will run at startup.

The plugins below are local patch checks for Cisco IOS devices:

• Cisco IOS Software Multicast Source Discovery Protocol Vulnerability
• Cisco IOS Software Network Address Translation Vulnerability
• Cisco IOS Software Command Authorization Bypass
• Cisco IOS Software RSVP Denial of Service Vulnerability
• Cisco IOS Software Smart Install Denial of Service Vulnerability
• Cisco IOS Software Reverse SSH Denial of Service Vulnerability
• Cisco IOS Software Zone-Based Firewall Vulnerabilities

• Apple jailbroken device detected

• Facebook app access

We are pleased to announce the release of Nessus 5 On Demand Training. Highlights of the new self-paced training course include:

Announcements

• Tenable Network Security Certified as Approved Scanning Vendor (ASV) by PCI Security Standards Council.
• Available for download in the Tenable Support Portal: "The Tenable Event Correlation Paper."
• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The "Top Ten Things You Didn't Know About Nessus" videos have been posted from #10 through #2, so check them out!
• We're hiring! - Visit the Tenable website for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!

Hosts

• Paul Asadoorian, Product Evangelist
• Carlos Perez, Lead Vulnerability Researcher
• Ron Gula, CEO/CTO

Announcements

• Tenable had a great presence at the recent RSA Security Conference. Several of us gave presentations, provided demos at the booth, and participated in panels. Check out the Tenable Blog for full coverage.
• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The "Top Ten Things You Didn't Know About Nessus" videos have been posted from #10 through #2, so check them out!
• We're hiring! - Visit the Tenable website for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!

New & Notable Plugins

Nessus:

• DNSChanger Malware Detection
• HP Printer Firmware Signing Disabled
• Patch Management: SCCM Report

Passive Vulnerability Scanner:

• IBM iSeries FTP service detection
• Dropbear SSH Server Channel Concurrency Use-after-free Remote Code Execution
• Mozilla Thunderbird 10.x 10.0.2 'png_decompress_chunk' Integer Overflow

The idea of ‘fighting back’ against hackers is both scary and risky business. Most security professionals would strongly advise against it, in part because one false move could land you behind bars. But ‘fighting back’ doesn’t have to translate into attacking an attacker’s IP address, setting up lethal traps for hackers, or purposely damaging systems--it’s about defending your own networks, while working to identify and gather evidence of the attack and attackers.

Tenable’s Paul Asadoorian will be presenting alongside John Strand, Senior Instructor with the SANS Institute, on this topic at RSA today, March 1, 2012. They’ll share practical advice on how to responsibly integrate offensive measures into your network security strategies. They’ll also cover legal considerations, relevant case studies of people and organizations that strategically (and legally) fought back, sensible techniques, and strategies for determining if offensive countermeasures are right for you.