Tenable Network Security Podcast Episode 119 - "Macs Don't Get Viruses, Detecting OS X Malware"

Announcements

• Tenable Network Security Certified as Approved Scanning Vendor (ASV) by PCI Security Standards Council.
• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The "Top Ten Things You Didn't Know About Nessus" videos have been posted from #10 through #2, so check them out!
• We're hiring! - Visit the Tenable website for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
• Nessus 5 OnDemand Training Now Available

New & Notable Plugins

Nessus:

• OS Identification : NativeLanManager -
• at32 Reverse Proxy Admin Portal No Password -
• Microsoft ASP.NET ValidateRequest Filters Bypass -
• Cisco WebEx WRF Player Multiple Buffer Overflows (cisco-sa-20120404-webex) -

Stories

1. Apple's security code of silence: A big problem - Apple's security is all over the news, how long will this go one until they bring up their level of security as Microsoft has?
2. Massive firewall vendor lets domain expire - Oops!
3. Hotel Wifi JavaScript Injection - Justinsomnia
4. Arms Race In Zero Days Spells Trouble For Privacy, Public Safety - "In Soghoian's view, the government turns a blind eye to insecure computers because those same insecure systems might provide access to law enforcement or intelligence services, should they need it."
5. » Blog Archive » windows privilege escalation via weak service permissions - We have a plugin to detect this condition! SMB Insecurely Configured Service
6. ModSecurity Advanced Topic of the Week: Automated Virtual Patching using OWASP Zed Attack Proxy - SpiderLabs Anterior
7. 8 Simple Tips to Secure a Mac from Malware, Viruses, & Trojans - Tips are good, mostly geared towards end users, but what can be done to truly improve the security of OS X? This article has the user disabling a bunch of stuff, but I believe that there is better hardening to be done.