The Big Red Button and the Kill Switch
April 25, 2013I have no idea if I had a role in the "Internet Kill Switch" debacle, but it's possible that I was one of the pushes that got that particularly horrible ball rolling. Back in 2002, when I was between ...
Recap: Geeking Out II with Marcus
April 15, 2013Ron and I spent most of the webcast rotating around the theme of detection algorithms: how do you determine what is normal and what is not? We started off with one of my favorite questions, "Are there...
Tenable Network Security Podcast Episode 163 - "Bind Vulnerability, Windows Hardening"
April 2, 2013Announcements We're hiring! - Visit the Tenable website for more information about open positions. Check out our video channel on YouTube which contains new Nessus and SecurityCenter tutorials. ...
Using Nessus to Audit Microsoft SharePoint 2010 Configurations
January 23, 2013Trust, but Verify Recently, Tenable added audit files for Nessus ProfessionalFeed users allowing them to audit Microsoft SharePoint server configurations. The audit policy uses both operating system ...
Tenable Network Security Podcast Episode 145 - "Source Code Leaks, Problems with Computer Security"
November 8, 2012<h3>Announcements</h3> <ul> <li><a href="http://www.tenable.com/careers/">We're hiring</a>! - Visit the Tenable website for more information about open positions.</li> <li>Check out <a href="http://www.youtube.com/tenablesecurity">our video channel on YouTube</a> which contains new Nessus and SecurityCenter 4 tutorials.</li> <li>Tenable Tweets - You can find us on Twitter at <a href="http://twitter.com/tenablesecurity">http://twitter.com/tenablesecurity</a> where we make product and company announcements, provide Nessus plugin statistics, and more!</li> <li>Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join <a href="https://discussions.nessus.org">Tenable's Discussion Forum</a> for custom scripts, announcements, and more!</li> <li>You can subscribe to the <a href="http://itunes.apple.com/us/podcast/tenable-network-security-podcast/id361250581">Tenable Network Security Podcast on iTunes</a>!</li></ul> <h3>New & Notable Plugins</h3> <h4>Nessus</h4> <ul> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62757">ZABBIX Web Interface popup_bitem.php itemid Parameter SQL Injection</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62776">Temenos T24 Detection</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62783">ManageEngine OpStor Default Administrator Credentials</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62784">ManageEngine OpStor availability730.do days Parameter XSS</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62785">ManageEngine SupportCenter Plus HomePage.do fromCustomer Parameter XSS</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62795">CoDeSys PLC Runtime Service Detection</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62796">CoDeSys Authentication Bypass Directory Traversal</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62797">CoDeSys Unauthenticated Command-line Access</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62798">Oracle VM VirtualBox 3.x / 4.0.x < 4.0.10 Local Integer Overflows</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62800">Kaspersky Password Manager 5.x < 5.0.0.169 HTML Injection</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62801">Mac OS X : OS X Server < 2.1.1 Multiple Vulnerabilities</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62802">Mac OS X : Safari < 6.0.2 Multiple Vulnerabilities</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62803">Apple iOS < 6.0.1 Multiple Vulnerabilities</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62812">CA ARCserve Backup Multiple Vulnerabilities (CA20121018) (credentialed check)</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62813">Symphony CMS Password Retrieval Script XSS</a></li> </ul>
Tenable Releases SecurityCenter Continuous View
August 9, 2012<p>Today, Tenable <a href="http://www.tenable.com/news-events/press-releases/2012-tenable-network-security-unveils-securitycenter-continuous-view" target="_self" title="Tenable Network Security Unveils SecurityCenter Continuous View">announced </a>the availability of a new edition of SecurityCenter, called Continuous View.</p> <p>This edition of SecurityCenter uniquely encompasses both scanning and monitoring, with the inclusion of Tenable's Passive Vulnerability Scanner (PVS). That makes SecurityCenter Continuous View uniquely capable of addressing vulnerability, configuration, and compliance management requirements for emerging technologies like mobile devices, cloud-based services, social applications, and virtual systems.</p> <p>The flexible licensing approach provided by SecurityCenter Continuous View allows enterprise customers to deploy PVS in much the same way as they do with Nessus within SecurityCenter, pretty much as many as needed.</p> <p>Existing SecurityCenter customers can upgrade to a ContinuousView license and begin to enjoy the benefits of continuous monitoring with PVS. These include:</p> <ul> <li>Real-time identification of server and client vulnerabilities </li> <li>Identification of mobile devices and their vulnerabilities </li> <li>Passive discovery of all internal and external web servers and databases </li> <li>Identification of trust and communication paths </li> <li>Passive monitoring of virtual environments </li> </ul>
Tenable Network Security Podcast Episode 119 - "Macs Don't Get Viruses, Detecting OS X Malware"
April 9, 2012<h3>Announcements</h3> <ul> <p><li><a href="http://www.nessus.org/news-events/press-releases/2012-tenable-network-security-certified-as-approved-scanning-vendor-asv-b">Tenable Network Security Certified as Approved Scanning Vendor (ASV) by PCI Security Standards Council</a>.</li></p> <p><li>Check out <a href="http://www.youtube.com/tenablesecurity">our video channel on YouTube</a> that contains the latest Nessus and SecurityCenter 4 tutorials. The <a href="http://www.youtube.com/playlist?list=PL339F3E44CA4D523D&feature=plcp">"Top Ten Things You Didn't Know About Nessus" videos</a> have been posted from #10 through #2, so check them out!</li></p> <p><li><a href="http://www.tenable.com/careers/">We're hiring</a>! - Visit the Tenable website for more information about open positions.</li></p> <p><li>You can subscribe to the <a href="http://itunes.apple.com/us/podcast/tenable-network-security-podcast/id361250581">Tenable Network Security Podcast on iTunes</a>!</li></p> <p><li>Tenable Tweets - You can find us on Twitter at <a href="http://twitter.com/tenablesecurity">http://twitter.com/tenablesecurity</a> where we make product and company announcements, provide Nessus plugin statistics, and more!</li></p> <p><li>Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join <a href="https://discussions.nessus.org">Tenable's Discussion Forum</a> for custom scripts, announcements, and more!</li></p> <p><li><a href="http://blog.tenablesecurity.com/2012/03/nessus-5-on-demand-training-now-available.html">Nessus 5 OnDemand Training Now Available</a></li></p></ul> <h3>New & Notable Plugins</h3> <p><strong>Nessus:</strong></p> <ul><p><li><a href="http://www.nessus.org/plugins/index.php?view=single&id=58604">OS Identification : NativeLanManager</a> - </li></p> <p><li><a href="http://www.nessus.org/plugins/index.php?view=single&id=58603">at32 Reverse Proxy Admin Portal No Password</a> -</li></p> <p><li><a href="http://www.nessus.org/plugins/index.php?view=single&id=58601">Microsoft ASP.NET ValidateRequest Filters Bypass</a> - </li></p> <p><li><a href="http://www.nessus.org/plugins/index.php?view=single&id=58621">Cisco WebEx WRF Player Multiple Buffer Overflows (cisco-sa-20120404-webex)</a> - </li></p></ul> <p><br /> </p>
SecurityCenter 4.2 and Community Dashboard Site Released
May 30, 2011<p><a href="http://blog.tenable.com/.a/6a00d8345495f669e201538ed394cc970b-pi" style="display: inline;"><img alt="FWR_SC" border="0" class="asset asset-image at-xid-6a00d8345495f669e201538ed394cc970b" src="http://blog.tenable.com/.a/6a00d8345495f669e201538ed394cc970b-800wi" title="FWR_SC" /></a>   <br />Tenable Network Security is proud to announce the immediate availability of SecurityCenter 4.2. SecurityCenter is used to centralize and report on system and event data such as vulnerabilities, logs, NetFlow, configurations and more. </p>
Tenable All-Star Showcase - Atlanta - February 22
February 7, 2011 Tenable Network Security will be hosting a half-day security and compliance seminar in Atlanta featuring Marcus Ranum, Ron Gula and Renaud Deraison. This is your chance to interact with Tenable ...
Putting a Virus under the SIEM Microscope Webinar
January 13, 2011 When a virus infected one of my Nessus scan targets, I did what any sensible CEO of a SIEM company would do - let it run and see what types of logs and alerts it generated!Over the 30...
Tenable Network Security Podcast - Episode 64
January 5, 2011<p>Welcome to the Tenable Network Security Podcast - Episode 64</p> <p>Hosts: Paul Asadoorian, Product Evangelist, and Ron Gula, CEO/CTO</p> <h3>Announcements</h3> <ul> <li>Several new blog posts have been published this week, including: <ul><li><a href="http://blog.tenablesecurity.com/2011/01/log-correlation-engine-36-now-with-its-own-gui.html">Log Correlation Engine 3.6 – Now with its own GUI</a></li> <li><a href="http://blog.tenablesecurity.com/2010/12/ssl-certificate-authority-auditing-with-nessus.html">SSL Certificate Authority Auditing with Nessus</a></li> <li><a href="http://blog.tenablesecurity.com/2010/12/securitycenter-4-receives-fdcc-and-scap-validated-tool-certification.html">SecurityCenter 4 Receives FDCC and SCAP Validated Tool Certification</a></li> <li><a href="http://blog.tenablesecurity.com/2010/12/3d-tool-beta-video.html">3D Tool beta Video</a></li></ul> </li> <p><li>Check out <a href="http://www.youtube.com/tenablesecurity">our video channel on YouTube</a> that contains the latest Nessus <strong>and SecurityCenter 4</strong> tutorials, including the new <a href="http://www.youtube.com/watch?v=8rFVEijp2Gs">3D Tool Beta</a>.</li><br /> <li><a href="http://www.nessus.org/about/index.php?view=careers">We're hiring</a>! - Visit the Tenable web site for more information about open positions. </li><br /> <li>You can subscribe to the <a href="http://itunes.apple.com/us/podcast/tenable-network-security-podcast/id361250581">Tenable Network Security Podcast on iTunes!</a></li><br /> <li>Tenable Tweets - You can find us on Twitter at <a href="http://twitter.com/tenablesecurity">http://twitter.com/tenablesecurity</a> where we make various announcements, provide Nessus plugin statistics and more!</li></ul><br /> </p>
Log Correlation Engine 3.6 – Now with its own GUI
January 5, 2011<p>Tenable Network Security has released version 3.6 of the <a href="http://www.nessus.org/products/lce/" target="_self">Log Correlation Engine</a>. This new version includes many performance enhancements as well as its own web-based user interface. This blog entry describes the new user interface, the increased performance and the new features of LCE 3.6.</p>