Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Paul Asadoorian

Profile picture for user Paul Asadoorian
As founder and CEO of Security Weekly, Paul remains one of the world’s foremost experts on all things cybersecurity. Security Weekly is a one-stop resource for podcasts, webcasts and other content, informing community members about penetration testing, vulnerability analysis, ethical hacking and embedded device testing. Previously, Paul served as a lead IT security specialist for Brown University, and as an instructor with The SANS Institute.
Blog Post

Tenable Network Security Podcast Episode 134 - "Black Hat, BSides, & Defcon"

Announcements Tenable CSO, Marcus Ranum, Featured in Documentary and Quoted in Forbes Tenable CEO, Ron Gula, Discusses Gamingo Breach on FoxNews We're hiring! - Visit the Tenable website for more information about open positions. Check out our video channel on YouTube which contains new Nessus and SecurityCenter tutorials. Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more! Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more! You can subscribe to the Tenable Network Security Podcast on iTunes! New & Notable Plugins Nessus Cisco TelePresence Multipoint Switch XML-RPC DoS WaveMaker Less Than 6.4.6 Security Bypass Eaton Network Shutdown Module Default Administrator Credentials Nagios XI Less Than 2011R3.0 XSS Vulnerabilities Sony VAIO Wireless Manager ActiveX Control Buffer Overflows ISC BIND 9 Multiple Denial of Service Vulnerabilities

Blog Post

Black Hat 2012

Conferences Fuel Your Passion Few things spark your passion for information security the same way as a conference. It’s inspiring to talk to so many different people in the industry and listen to a variety of talks, all in one place. I had the chance to personally meet many readers of the Tenable blog and listeners of the Tenable podcast. I also heard some great talks as well. Here are some highlights. Smashing the Future for Fun and Profit I was really excited to see the folks on this panel come together and "talk shop." It’s a rare opportunity to see Jeff Moss (Dark Tangent), Adam Shostack, Marcus Ranum, Bruce Schneier, and Jennifer Granick all share the same stage! This did not happen by chance, as this panel brought back five of the original speakers Jeff Moss assembled at the first two Black Hat conferences held in 1997 and 1998. I've had the unique opportunity to interview each of the 2012 panel members individually, so I was particularly interested to see how their thoughts, ideas, and opinions would converge. I was not disappointed. The topics ranged from software security, the government’s role in security, consumerism and how ease of use impacts security, the vulnerability market, and so much more. Jennifer Granick was an outstanding moderator (which was not an easy task by any stretch!). The big question for me was, “What changed?” Jeff had a great anecdote. He said we don't really solve the problems, but we just run away from them and they seem to go away. We've just been able to run faster. I reviewed the topics presented at the first Black Hat conference in 1997, and I couldn't agree more. Vulnerabilities in TCP/IP, secure coding, and over-reliance on firewalls all made the list — topics we still discuss, and problems we still run from today.

Blog Post

Detecting Mobile Device Vulnerabilities Using Nessus

The Mobile Device Threat Without question the security of mobile devices is on the minds of almost every IT department. The average mobile worker carries 3.5 mobile devices at all times, a number that has doubled within the past three years and will likely continue to grow. The problem most organizations face is the workforce uses mobile devices, whether owned by your organization or not, to access company resources. This presents several problems, including not knowing who is using which device, if the devices have the latest software updates, or if device has been tampered with (i.e., jailbroken). Getting a Handle on Mobile Device Security Nessus has implemented new features to help users combat mobile threats. Network-based scanning is not the right approach to identify vulnerabilities on mobile devices, due in large part to the fact that most devices are in "sleep" mode and/or using a 3G/4G network. However, MDM (Mobile Device Management) technologies maintain information about the devices, including information about security vulnerabilities. To learn more about detecting mobile device vulnerabilities with Nessus you can view a video tutorial on our YouTube channel: The new "Mobile" tab in Nessus allows Nessus ProfessionalFeed customers to enter credentials for either (or both) Apple Profile Manager or Microsoft's ActiveSync. Nessus then uses the credentials to gather information about the type of device, who is using it, and mobile device vulnerabilities.

Blog Post

Tenable Network Security Podcast Episode 133 - "Detecting Mobile Device Vulnerabilities Using Nessus"

Announcements We're hiring! - Visit the Tenable website for more information about open positions. Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials. Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more! Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more! You can subscribe to the Tenable Network Security Podcast on iTunes! New & Notable Plugins Nessus DB2 9.8 Less Than Fix Pack 5 Vulnerabilities Vulnerabilities in Microsoft Gadgets Could Allow Remote Code Execution DNSSEC NSEC Records Information Disclosure VMware ESXi update to libxml2 MySQL 5.5 Less Than 5.5.23 Unspecified Vulnerability Novell GroupWise WebAccess User.interface Directory Traversal Pidgin Less than 2.10.5 Message Inline Image Parsing Remote Overflow

Blog Post

If a Security Control Falls in the Forest...

Many guidelines and compliance standards state that in order to be "secure" or "compliant" all of your systems must be patched. Turns out that this is easier said than done. Just when you believe your systems to be patched, something fails and patches seemingly disappear. We can then apply the "falling off" principal to several other areas of information technology, such as web applications, configuration management, and antivirus software. How do security controls in these areas fall off? Read about how this might happen and what you can do to help correct the problems.

Blog Post

Tenable Network Security Podcast Episode 132 - "Default Passwords, Evil QR Codes"

Announcements We're hiring! - Visit the Tenable website for more information about open positions. Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials. Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more! Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more! You can subscribe to the Tenable Network Security Podcast on iTunes! New & Notable Plugins Nessus Microsoft IIS 6.0 PHP NTFS Stream Authentication Bypass - Using an alternative data stream, attackers are able to access PHP files which are otherwise protected. This is accomplished by accessing a file using the following name: "filename.php::$INDEX_ALLOCATION" as it is the functional equivalent of "filename.php". VMware Fusion 4.x Less Than 4.1.3 Vulnerabilities - "Due to a flaw in the virtual floppy configuration it is possible to perform an out-of-bounds memory write. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host." Do many still use a virtual floppy disk? Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution - "Such versions are potentially affected by an arbitrary code execution vulnerability." Potentially? I really wish vendors would do a better job of further qualifying the risk of exploitation. Upgrading all of your clients is not an easy task, and security folks may have a tough time convincing administrators to push out a fix if the risk is not a reality. MacOSX Cisco AnyConnect Secure Mobility Client Multiple Vulnerabilities - Looks like these problems exist on OS X as well. The AnyConnect client does not validate binary downloads, allowing an attacker to execute code. Symantec Message Filter Management Interface Default Credentials - I believe one of the security measures that gives you the most bang for your buck is to make certain all of your management interfaces are not using default or easily-guessable credentials. IBM Lotus Domino Password Protected DB Enumeration - Tools exist in the popular Metasploit framework to brute force this password. Basilic diff.php Command Injection - "Basilic, a bibliography server for research laboratories, has a command injection vulnerability." HP System Management Homepage Less Than 7.1.1 Vulnerabilities - This update files a long list of vulnerabilities. IrfanView JPEG-2000 Plugin Remote Stack-based Buffer Overflow - Remote code execution triggered by opening JP2 files. Cisco WebEx ARF Player Buffer Overflow - I suppose you could host an "evil" webcast and trigger this buffer overflow condition!

Blog Post

Tenable Network Security Podcast Episode 131 - "Botnet Hosts, Management from the Cloud"

Announcements We're hiring! - Visit the Tenable website for more information about open positions. Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials. Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more! Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more! You can subscribe to the Tenable Network Security Podcast on iTunes! New & Notable Plugins Nessus Active Inbound Connection From Host Listed in Known Bot Database - The ability to identify whether a host is connecting to a host in a botnet, or a host in a botnet is connected to it, is important information. Cisco ASA 5500 Series DoS - I lost track of how many times I've been taunted with the words, "I'm gonna DoS your firewall!" Oh wait, that was just something I heard in the movies and on TV. Turns out it's a reality if you're using an ASA firewall configured with IPv6. I wonder just how many more vulnerabilities are going to crop up for IPv6 protocol stacks (we even see IPv4 vulnerabilities crop up now and again!). Malicious Process Detection: Potentially Unwanted Software - Nessus now makes the distinction between malware and software that could be used for "evil" but has a chance of not being malicious (like Netcat). MikroTik Winbox Less Than 5.17 File Download DoS - " An unauthenticated, remote attacker may make multiple requests to download a large file, resulting in the service becoming unresponsive." MikroTik makes some super cool hardware too, fantastic wireless access points. They have their own operating system called RouterOS, however, this vulnerability is in a utility called Winbox used to configure the operating system. Oracle iPlanet Web Server Between 7.0 and 7.0.15 Vulnerabilities - Looks like some XSS vulnerabilities and one bug called "Range Header DoS" are listed as "could not be reproduced." Winamp Less Than 5.63 Vulnerabilities - Winamp is still going strong with all kinds of software products for media. Turns out they have some vulnerabilities that have been corrected. ACDSee Pro Less Tan 5.2 Memory Corruption Vulnerabilities - No, not the great classic rock band, the image editing application! They have patched four heap overflows, and something about being a long way to the top if you want to heap overflow. HAProxy Trash Buffer Overflow Vulnerability - HAProxy is a load balancer, have to make sure this type of device is always patched as even DoS vulnerabilities can be severe (though this one happens to be a buffer overflow). There are some mitigating circumstances: "It requires that the global.tune.bufsize option is set to a value greater than default and that header rewriting is configured." Quagga Less Than 0.99.19 Vulnerabilities - For those that may not know: "Quagga is a routing software suite, providing implementations of OSPFv2, OSPFv3, RIP v1 and v2, RIPng and BGP-4 for Unix platforms, particularly FreeBSD, Linux, Solaris and NetBSD. Quagga is a fork of GNU Zebra which was developed by Kunihiro Ishiguro." We recently published quite a few plugins to detect vulnerabilities on this platform.

Blog Post

Plugin Updates: Malicious Process & Botnet Detection

Malicious Process Detection Updates A short time ago, Tenable released a new plugin to perform Malicious Process Detection (plugin ID 59275). Originally, it identified all possible malicious processes and reported the risk level as "High." This has now been split into two plugins; the original plugin that detects processes as malware which now uses the risk level of "critical," and a new plugin titled Malicious Process Detection: Potentially Unwanted Software (plugin ID 59641): Click for larger image The difference between the two plugins is the intent of the malicious software. For example, "Netcat" is a popular tool that can be used for network troubleshooting or by attackers for "evil" purposes such as backdoors. These two separate malware plugins will allow customers to more easily differentiate between policy violations and systems that are infected with malware unmistakable for any legitimate program.

Blog Post

Tenable Network Security Podcast Episode 130 - "DLL Injection, WAF vs. Developers"

Announcements We're hiring! - Visit the Tenable website for more information about open positions. Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials. Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more! Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more! You can subscribe to the Tenable Network Security Podcast on iTunes! New & Notable Plugins Nessus Measuresoft ScadaPro DLL Injection Code Execution MailEnable ForgottenPassword.aspx Username Parameter XSS XnView less than Version 1.99.0 Multiple Vulnerabilities Rocket Software UniData less than Version 7.3 Remote Command Execution (credentialed check) Kerio WinRoute Firewall Web Server Remote Source Code Disclosure

Blog Post

Tenable Network Security Podcast Episode 129 - "More RDP Vulnerabilities, Hacking Back?"

Announcements Tenable Network Security Reveals the Next Generation of Its SIEM Solution We're hiring! - Visit the Tenable website for more information about open positions. Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials. Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more! Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more! You can subscribe to the Tenable Network Security Podcast on iTunes! New & Notable Plugins Nessus MS12-036: Vulnerability in Remote Desktop Could Allow Remote Code Execution - I find it interesting that the first vulnerability came from TippingPoint's ZDI program, which listed it as a remote code execution. Now we have a second remote code execution in the same protocol. Organizations really need to get a handle on controls for this service, and if you're using it make certain it's configured properly and patched. Citrix Provisioning Services Unspecified Request Parsing Remote Code Execution (uncredentialed check) - The concept of providing virtual desktops and being able to roll them back to a "clean" state once the user logs off is useful. However, this is a case where software that helps you implement security contains vulnerabilities. This exploit comes from iDefense, and one released early this year came from TippingPoint. F5 Multiple Products Root Authentication Bypass - If you are running F5 products that are vulnerable, patch immediately. Turns out they all use the same private SSH key, giving attackers an easy way to gain access to them. Asterisk Remote Crash Vulnerability in Skinny Channel Driver - Note there are many products that embed Asterisk to provide VoIP functionality. iTunes 10.6.3 Multiple Vulnerabilities (uncredentialed check) - Apple references this vulnerability with regards to both OS X and Windows platforms. PHP 5.3.x 5.3.14 Multiple Vulnerabilities - Public exploit code is available. RuggedOS Web-Based Admin Interface Default Credentials - Coming off the heels of the Telnet backdoor, RuggedOS also uses a default password on the web management interface.

Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for free Contact sales

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a sales representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Request a demo of Tenable Security Center

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

* Field is required

Request a demo of Tenable OT Security

Get the Operational Technology security you need.

Reduce the risk you don’t.

Request a demo of Tenable Identity Exposure

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

Request a demo of Tenable Cloud Security

Exceptional unified cloud security awaits you!

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

See
Tenable One
in action

Exposure management for the modern attack surface.

See Tenable Attack Surface Management in action

Know the exposure of every asset on any platform.

Get a demo of Tenable Enclave Security

Please fill out the form with your contact information and a sales representative will contact you shortly to schedule a demo.

Try for free Buy now

Try Tenable Nessus Professional free

Free for 7 days

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
now available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select your license

Buy a multi-year license and save.

Add support and training
Buy Now
Renew an existing license Find a reseller
Try for free Buy now

Try Tenable Nessus Expert free

Free for 7 days.

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select your license

Buy a multi-year license and save more.

Add support and training
Buy Now
Renew an existing license Find a reseller