BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

November, 2010

The Reality of “The Dirty Dozen” and why I love Google Chrome

Posted November 17, 2010    Marc Maiffret

If you have been following your security news the last couple of days, you will have seen that there have been a handful of headlines about the “Dirty Dozen” most vulnerable applications, with Google Chrome coming in at number one. Just from that fact alone I quickly became suspicious of the science behind the calculations…

Computerworld’s Advice Still Relies Too Much on Trust

Posted November 17, 2010    Peter McCalister

In a Computerworld article last week exploring the ‘scary side of virtualization’, the reporter took some time out in a sidebar to offer some sage staffing advice.

Vulnerability Management in a Data Warehouse

Posted November 16, 2010    Morey Haber

Have you ever been asked, “How long has that vulnerability been in our systems?” Have you ever wondered if your patch management process is keeping up with the number of new vulnerabilities being identified? Keep reading…

Linux Proliferation Raises Security & Compliance Alerts

Posted November 16, 2010    Peter McCalister

The Linux Foundation recently conducted a survey of Linux users who represent the largest enterprise companies and government agencies. The survey found that Linux is poised for growth in the coming years, with 76.4 percent of companies planning to add more Linux servers in the next year.

Ping, Twitter, Social Media & Admin Privileges

Posted November 15, 2010    Peter McCalister

The other day Twitter introduced some new features that integrate with Apple’s Ping to help users share music through Twitter, which sparked some renewed conversation about social media in the workplace.

Virtualization Security Roundup

Posted November 12, 2010    Peter McCalister

There have been some great articles, data, surveys and analyst reports over the last few weeks on virtualization security and I wanted to share and consolidate some of those here. Jon Brodkin of Network World on how “most virtualized workloads are being deployed insecurely” but they don’t have to be. He speaks to hypervisor vulnerabilities…

Too Many Regulatory Standards, Only One Tool Please

Posted November 12, 2010    Morey Haber

About every two years, I indulge myself with a new laptop. This time, I waited almost three years and will be retiring my old Dell XPS M1330 for a new Alienware M15x. I wanted raw horsepower for virtual machines in a laptop format and was not as concerned about battery life (since I carry an…

What’s New in PCI DSS 2.0?

Posted November 11, 2010    Peter McCalister

On October 28, 2010, the PCI Security Standards Council unveiled version 2.0 of the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS has not had an update since version 1.2 in October 2008. The recent “Summary of Changes” document released by the PCI Security Standards Council (SSC) covers the proposed changes in version…

Apple QuickTime Sorenson Video 3 Array-Indexing Memory Corruption

Disclosed November 11, 2010    Fully Patched
Vendors: Apple
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:

Misuse of Privilege Soap Box

Posted November 10, 2010    Peter McCalister

When I saw Nick’s