Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.


October, 2010

Accidental Misuse Of Privilege Can Be Hidden and Costly

Posted October 14, 2010    Peter McCalister

Though difficult for many to admit, humans are fallible. We are not perfectly consistent in our principles personally or professionally. Accidental misuse of privileges on desktops and servers does happen, and it does have a measurable impact on the organization as a whole. For example, desktop configuration errors cost companies an average of $120/PC, according…

Intentional Misuse of Privilege Lessons from Jérôme Kerviel

Posted October 13, 2010    Peter McCalister

A multi-billion dollar fraud from 2008 has re-surfaced in the news after a Paris court ordered

Microsoft Patch Tuesday – October 2010

Posted October 13, 2010    Chris Silva

Wow. Microsoft has outdone itself this time, releasing 16 security bulletins for October – a personal best for them. That puts them at 86 for the year – so I’m pegging the over / under for 2010 security bulletins at 100. Microsoft patched quite a few zero day vulnerabilities this month, most notably in MS10-073,…

The Cost Of Insider Attacks Can Be Mitigated

Posted October 12, 2010    Peter McCalister

Insider attacks are possible because of the intentional misuse of privilege.

Identifying The 3 Misuses of Privilege

Posted October 11, 2010    Peter McCalister

Identity and access management is typically looked at from the AAA perspective: Access, Authentication and Authorization.

The “3 Bears” of Privilege Identity Management

Posted October 8, 2010    Peter McCalister

At some point in your life you have heard the story of Goldilocks and the Three Bears and learned the perils of extremism: too hot, too cold, just right.


Windows Local Procedure Call (LPC) Privilege Elevation Vulnerability

Disclosed October 8, 2010    Fully Patched
Vendors: Microsoft
Vulnerability Severity: Medium
Exploit Impact: Elevation of Privilege
Exploit Availability:

Privileged Identity Management Demystified

Posted October 7, 2010    Peter McCalister

In an effort to improve business security, compliance and productivity, privilege authorization policies must be redesigned and user permissions more granularly managed. Yet identity and access management (IAM) solutions have remained largely unchanged. Traditional solutions account for a significant part of the total cost of IAM, a staggering amount when you consider that these solutions:…