Tenable Network Security Podcast - Episode 23
February 15, 2010Welcome to the Tenable Network Security Podcast - Episode 23 <h3>Announcements</h3> <ul> <li>Two new blog posts have been released titled "<a href="http://blog.tenablesecurity.com/2010/02/microsoft-patch-tuesday---february-2009---from-microsoft-with-love-edition.html">Microsoft Patch Tuesday - February 2010 - "From Microsoft with Love" Edition</a>" and <a href="http://blog.tenablesecurity.com/2010/02/shmoocon-2010-security-conference.html">Shmoocon 2010 Security Conference</a>.</li> <li>A webinar is scheduled for February 25, 2010 titled, "<a href="http://blog.tenablesecurity.com/2010/01/finding-and-stopping-advanced-persistent-threats-webinar.html">Finding and Stopping Advanced Persistent Threats</a>" where Tenable CEO Ron Gula and Tenable CSO Marcus Ranum will discuss strategies for preventing, finding and eliminating advanced persistent threats in enterprise networks. </li> <li>You can provide feedback to this podcast and all of our social media outlets by visiting our discussions forum and adding messages to the "<a href="https://discussions.nessus.org/community/social">Tenable Social Media</a>" thread. I would love to hear your feedback, questions, comments, and suggestions! <a href="https://discussions.nessus.org/thread/2018">I put up a call for ideas on new Nessus videos</a>, so please give us your feedback!</li> <li><a href="http://www.nessus.org/about/index.php?view=careers">We're hiring</a>! - Visit the web site for more information about open positions, there are currently 12 open positions listed! </li> <li>You can subscribe to the <a href="http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=329735657">Tenable Network Security Podcast on iTunes!</a></li> <li>Tenable Tweets - You can find us on Twitter at <a href="http://twitter.com/tenablesecurity">http://twitter.com/tenablesecurity</a> where we make various announcements, Nessus plugin statistics, and more!</li> </ul>
Afterbites with Marcus Ranum: Gartner & Two-Factor Authentication
December 17, 2009<p>Afterbites is a blog segment in which Marcus Ranum provides more in-depth coverage and analysis of the SANS NewsBites newsletter. This week Marcus will be commenting on the following article:</p> <p><strong>Gartner Report Says Two-Factor Authentication Isn't Enough</strong><br /> (December 14, 2009)</p> <blockquote><cite>A report from Gartner says that two-factor authentication is not providing adequate security against fraud and online attacks. Specifically, Trojan-based, man-in-the-middle browser attacks manage to bypass strong two-factor authentication. The problem resides in authentication methods that rely on browser communications. The report predicts that while bank accounts have been the primary target of such attacks, they are likely to spread "to other sectors and applications that contain sensitive valuable information and data." Gartner analyst Avivah Litan recommends "server-based fraud detection and out-of-band transaction verification" to help mitigate the problem.</cite></blockquote> <p><strong>References:</strong> <a href="http://www.eweek.com/c/a/Security/2Factor-Authentication-Falling-Short-for-Security-Gartner-Says-303095/">2-Factor Authentication Falling Short for Security, Gartner Says</a> & <a href="http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=222001977">Strong Authentication Not Strong Enough</a> </p> <p>I found this article interesting because it typifies, for me, the end result of the "whack-a-mole" approach to computer security. Certain technologies are sold as "security enablers" but customers don't seem to understand (and/or aren't informed) of the reality: security is a top-to-bottom problem that doesn't have any single place where you can add a widget that'll magically make you safe.<br /> </p>
Tenable Network Security Podcast - Episode 7
October 13, 2009<p>Welcome to the Tenable Network Security Podcast - Episode 7</p> <h3>Announcements</h3> <ul><li>New blog post going up today on the experiences at Cyberdawn, a cyber exercise that puts hackers against defenders in a realistic environment.</li> <li>Attention Security Center customers! A new version of Security Center, 3.4.5, has been released and is available for download in the customer support portal (Security Center customers can find the<a href="https://discussions.nessus.org/message/3615#3615"> release notes</a> the <a href="http://discussions.nessus.org">discussion portal</a>). It includes such improvements as web application scanning support.</li> <li>Paul Asadoorian was interviewed on <a href="http://feedproxy.google.com/~r/securabitsite/~3/vqaj5nGH63I/">Securabit Episode 40</a> and discusses all things Nessus and some of the features in our enterprise products such as Security Center and the Passive Vulnerability Scanner (PVS)</li> <li>Paul Asadoorian spoke at the <a href="http://www.louisvilleinfosec.com/">Louisville Infosec conference</a> on web application security on October 7, 2009</li> <li>As always be sure to check out our blog at <a href="http://blog.tenablesecurity.com">http://blog.tenablesecurity.com</a></li></ul> <h3>Interview: John Bos - <a href="http://www.cybrexllc.com/">Cybrex, LLC</a></h3> <table class="image" align="center"> <tr><td><div style="text-align:center;"><img src="http://tenable.typepad.com/.a/6a00d8345495f669e20120a5e061d8970b-pi" alt="John_Bos.png" border="0" width="320" height="240" /></div></td></tr> <caption align="bottom"><strong>John Bos joins us to talk about his 10 years of experience with the Defcon CTF and his team "sk3wl0fr00t".</strong></caption> </table>
Logs of Our Fathers
September 22, 2009<p>At USENIX in Anaheim, back in 2005, George Dyson treated us to a fantastic keynote speech about the early history of computing. You can catch a videotaped reprise of it <a href="http://www.ted.com/talks/lang/eng/george_dyson_at_the_birth_of_the_computer.html" target="_blank">here, on the TED site</a>. I highly recommend it - there's lots of interesting and quirky stuff. I managed to talk him into giving me a copy of his powerpoint file, and subsequently tracked him down and am re-posting this material with his permission.</p> <h3>November, 1951 </h3> <p style="TEXT-ALIGN: center"><a href="http://www.ranum.com/security/computer_security/papers/ur-syslogs/first_syslog.jpg" target="_blank"><img border="0" height="375" src="http://www.ranum.com/security/computer_security/papers/ur-syslogs/t/first_syslog.jpg" width="500" /></a> <br /><strong>Machine Log #1</strong></p>
ShmooCon 2009 - Playing Poker for Charity
February 12, 2009Tenable sponsored a booth at this year's ShmooCon and ran a Texas Hold'em table to help raise money for the Hackers for Charity organization. We raised close to $400 from conference attendees ...
DOJOSEC - Compliance Presentation
January 5, 2009The next DOJOSEC is this week. I've been invited to speak about the latest compliance trends in PCI and FDCC. Also presenting will be Shaf Ramsey of TechGaurd Security and Dale Beauchamp of the Transp...
Being the Caveman - Tenable Style
October 10, 2007After reading Richard Bejtlich's "Be the Caveman" blog post about the convicted hacker Robert Moore, I felt it would be interesting to show how unifying vulnerability monitoring, configurati...
Dragon Intrusion Defense System support for Nessus and the PVS
February 21, 2007Today Tenable announced a partnership with Enterasys Networks that enables customers of both companies to operate Nessus and/or the Passive Vulnerability Scanner (PVS) directly on the Dragon sensor. C...