Drive-By Pharming – Let me fine tune your DNS entries

ABC News reports on a new attack vector targeted at broadband routers / access points: Drive-By Pharming. This attack has one of the most devastating potentials we’ve seen this year and I would rate it as very high impact. Maybe not as massive as the Universal PDF XSS Vulnerability, but it still raises a few big question marks about web applications’ security. C’mon, directly altering my router’s DNS settings? How scary is that… Here is an ABC News quote on the subject:

Professor Markus Jakobsson of Indiana University has done a lot of research on router vulnerabilities. Jeremiah Grossman of WhiteHat Security gave a talk at the Black Hat conference last year on Javascript malware. Zulfikar Ramzan of Symantec Security Response put the two pieces together… and realized that it’s possible for Javascript on a web site to modify your router’s DNS settings.

The full release by Zulfikar Ramzan of Symantec Security Response.

Blind SQL Injection Tool : sqlmap

I stumbled upon yet another blind SQL injection tool called sqlmap, written by Bernardo Damele and Daniele Bellucci. I didn’t have time to test it, but the tool’s description is quite ambitious:

sqlmap is an automatic blind SQL injection tool, developed in Python, capable of performing an active database fingerprint, enumerating an entire remote database and much more. The aim of this project is to implement a fully functional database mapper tool which takes advantage of web application programming security flaws which lead to SQL injection vulnerabilities.

You can download sqlmap from its SourceForge homepage. By any chance, did you see it in action? What were the results?

Now You Can Do Anti-Virus Audit with Nessus

Tenable puts cool anti-virus deployment audit checks into its groundbreaking Nessus tool. Compliance is the universal security obsession and I think Nessus will move more and more into this area. Quote:

For compliance, if an organization has selected one or more anti-virus solutions, being able to audit this with Nessus can prove to an auditor that a solution is indeed installed, in use and up to date.

At the time of this writing, the following anti-virus solutions are detected as installed, running and up-to-date by Nessus:

  • #24232 BitDefender Check
  • #20284 Kaspersky Anti-Virus Check
  • #12107 McAfee Anti Virus Check
  • #21608 NOD32 Antivirus System Check
  • #12106 Norton Anti Virus Check
  • #20283 Panda Antivirus Check
  • #21725 Symantec Anti Virus Corporate Edition Check
  • #14835 Symantec Norton AntiVirus Version Detection
  • #16192 Trend Micro Anti Virus Check
  • #24344 Windows Live OneCare AntiVirus Check

Tenable’s blog on: Auditing Anti-Virus Products with Nessus

Compliance Audit IS NOT Substantive Audit

The other day I attended a meeting where I got hit by a new concept. It is the unfortunate brainchild of the new age of risk management and compliance obsession.

So it goes like this: Compliance = Vulnerability.

Or to put it properly: lack of compliance will cost the same as mitigating a high-risk vulnerability. I’m afraid this really means a waste of resources: tons of time and money invested in full-blown compliance audits, and sooner or later reality won’t matter anymore. You’ll get your compliance certificate and that’s it: you’re safe.

Oh, I wonder where the days are when there was a clear cut between the compliance check and the hands-on, real-life, substantive audit. Is it really a good direction that we’re heading in?
I really don’t think that a canned compliance audit can deliver the X-factor needed by a company whose ultimate goal is Information Assurance.

X-Factor: Effectiveness of the security controls in place.
Am I the only one fed up with all this compliance buzz?
