Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for October, 2010

Stopping Good People From Doing Bad Things With Admin Rights

Let’s face it – organizations cannot simply build walls to protect vital information anymore. However, adapting to this new virtual collaborative environment brings the enormous challenge of ensuring that privileged access to critical information is not misused. Walls that may have worked a decade ago are now practically irrelevant as users…

Post by Peter McCalister October 21, 2010

6 Things You Should Know About Sudo

Freeware isn’t always free.

Post by Peter McCalister October 20, 2010

Indirect Misuse of Privilege Lessons from Google

Last week we posted on the three forms of misuse of privilege, followed by a recent example of malicious abuse, where a stock trader used his IT skills to circumvent the system.

Post by Peter McCalister October 19, 2010

Indirect Misuse of Privilege Is a Malware Imperative

Indirect misuse of privileges is when one or more attack types are launched from a third party computer which has been taken over remotely. A startling statistic revealed by Gartner is that 67% of all malware detections ever made were detected in 2008. Gartner also estimates managed desktops, or users who run without admin rights,…

Post by Peter McCalister October 18, 2010

Retina Helps Identify Weak Certificates

Microsoft has released Security Advisory 2661254 for the upcoming patch to increase the minimum bit level of certificates to 1024 bits. The expected release date for this patch is Oct 9th, at which time the update will be available through Windows Update.

Post by Peter McCalister October 16, 2010

Accidental Misuse of Privilege Lessons from ASU

A common fear of all Chief Security Officers and Chief Information Officers is that their organization winds up in the press for some breach of privacy or data theft.

Post by Peter McCalister October 15, 2010

DEP Down: Part 1

Today we continue our series of technical blogs with a blog about DEP (Data Execution Prevention). There are many good blogs and articles about DEP which go into great detail on the what, where, when and how of DEP, and as such I will keep the introduction to a minimum. Please follow the…

Post by The eEye Research Team October 14, 2010

Accidental Misuse Of Privilege Can Be Hidden and Costly

Though difficult for many to admit, humans are fallible. We are not perfectly consistent in our principles personally or professionally. Accidental misuse of privileges on desktops and servers does happen, and it does have a measurable impact on the organization as a whole. For example, desktop configuration errors cost companies an average of $120/PC, according…

Post by Peter McCalister October 14, 2010

Intentional Misuse of Privilege Lessons from Jérôme Kerviel

A multi-billion dollar fraud from 2008 has re-surfaced in the news after a Paris court ordered

Post by Peter McCalister October 13, 2010

Microsoft Patch Tuesday – October 2010

Wow. Microsoft has outdone itself this time, releasing 16 security bulletins for October – a personal best for them. That puts them at 86 for the year – so I’m pegging the over / under for 2010 security bulletins at 100. Microsoft patched quite a few zero day vulnerabilities this month, most notably in MS10-073,…

Post by Chris Silva October 13, 2010