PatchDiff2 - High Performance Patch Analysis
June 26, 2008Tenable Network Security has released PatchDiff2 for the IDA disassembler. PatchDiff2 can be used to compare the differences in patches provided by vendors in order to understand what has been modifie...
Risky Business #66 -- Interview with Marcus Ranum
June 18, 2008Episode #66 of IT Radio's Risky Business is now online. This installment features a discussion of smart phone security, wireless complacency issues, forensics for mobile devices and a discussion of th...
Control System Security -- Project Bandolier
June 12, 2008Digital Bond has recently announced control system configuration audit policies that are being developed for the Nessus vulnerability scanner. These policies can be used to audit operating systems run...
Event Analysis Training -- Working with "BlackLists"
June 10, 2008Many SIM, NIDS and NBAD solutions have some sort of "blacklist" functionality which highlights when systems on your network interact with IP addresses that have been identified as being asso...
Nessus 3.2.1 Released -- New Report Filtering Features Added
May 30, 2008Tenable Network Security has released version 3.2.1 of the Nessus vulnerability scanner. This point release includes a variety of small bug fixes as well as a new report filtering interface for the Ne...
CIO Blogathon - Open Source in the Enterprise
May 29, 2008I recently got invited to contribute to a new blog at CIO online about open source in the enterprise. User's of Nessus know that Tenable focuses on as many platforms as possible to test for security ...
Boss, I think Half of our FTP Servers are fake!
May 23, 2008Several new plugins for Nessus were recently introduced which can detect FTP servers that are fake: Fake FTP server accepts a bad sequence of commands Fake SMTP/FTP server (backdoor) Fake FTP s...
SSH Auditing - New Detected Vulnerabilities and New Features for Nessus
May 16, 2008Nessus has several new features for auditing systems via Secure Shell and coincidentally, there was a major vulnerability announced this week regarding OpenSSH servers whose public keys are trivially ...
Tenable updates plugin subscription model for Nessus Vulnerability Scanner
May 14, 2008Tenable Network Security Inc. today announced an update to its Nessus subscription model that will benefit home users and qualifying charities around the world. We've posted a letter and a FAQ about t...
Visualizing Nessus Working Harder For You
May 8, 2008Recently, several images were uploaded to the SecViz - Security Visualization web site which visualize how hard the Nessus, Saint and Retina vulnerability scanners actually work. Default scans for eac...
Cyberterror (Part II of a series)
May 7, 2008Hello again! In my last column, we looked at cybercrime and how its dynamics are subtly different from real-world crime. In this episode we're going to tackle a much tricker topic - namely cyberterror...
Tenable Releases Security Center 3.4
May 1, 2008Note: Tenable SecurityCenter is now Tenable.sc. To learn more about this application and its latest capabilities, visit the Tenable.sc web page. Earlier this week, we released Security Center 3...