Additional Support to Look for Compromised Web Servers
April 28, 2008With the recent news of more than 500,000 web sites becoming compromised, Tenable's research team added support into Nessus and the Passive Vulnerabiltiy Scanner to look for evidence of recently insta...
How to audit an Internet Facing Server with Nessus
April 23, 2008Very often, Nessus is used by MSPs, consultants and IT security staff to test the security of an Internet facing server. Occasionally, we see the default settings of Nessus, which are optimized for a ...
Risky Business -- Episode #59
April 23, 2008Tenable Network Security recently began sponsoring the Risky Business podcast with Patrick Gray. Episode 59 is now online. This latest installment includes: A review and commentary of the week’s secur...
Marcus Ranum in Europe
April 18, 2008For those readers that are located in Europe, Marcus Ranum, Tenable’s CSO, will be speaking at two events in Q2 of 2008: On April 23rd and 24th, Marcus Ranum will be speaking at the Mnemonic Risk...
Tenable Receives FDCC Certification
April 15, 2008Recently, Tenable's Security Center product was awarded certification to perform Federal Desktop Core Configuration (FDCC) audits, along with several other types of NIST SCAP audit capabilities, for t...
Safari Windows Detection ... and all That Implies
April 8, 2008Apple recently gave Windows iTunes users the option to download the Safari web browser. This move was criticized by many bloggers and security experts. What we will be discussing in this blog today is...
Nessus turns 10 !
April 4, 2008Ten years ago today, I announced the initial public release of Nessus on the bugtraq mailing list. The initial version would run only on Linux and was bundled with 50 plugins (vulnerability checks) wr...
Tenable at RSA
April 3, 2008If you are at RSA next week, please feel free to come by the Tenable booth which is #2737. We're on the far right side of the exhibit floor. A map and picture of our booth is below: I'm going to ...
Scanning Network Printers and Novell NetWare Devices
March 31, 2008Historically, active vulnerability scanning of network printers and older Novell NetWare servers could be problematic. Sometimes a simple port scan with any type of auditing tool would cause a network...
Auditing MySpace and FaceBook Vulnerabilities
March 28, 2008Over the past few months, there have been a few vulnerabilities in ActiveX controls from MySpace and FaceBook. Nessus users can audit Windows systems running Internet Explorer with the following plugi...
CyberCrime, CyberTerror, CyberEspionage, and CyberWar
March 20, 2008Greetings! In this column, and in subsequent columns, I am going to develop a set of themes about cyber-stuff. We've all heard a great deal of kerfluffle about cyberterror or cyberwar, but - what, rea...
Event Analysis Training -- Working with Emerging Threats events
March 19, 2008In the next few weeks, I will be posting a series of blog entries which provide examples of analyzing logs and events in large enterprise networks. We will be using the Security Center, Nessus, Log Co...