BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

December, 2010

guy laptop

Data Breach Excuses and What They Really Mean: Excuse 5

Posted December 31, 2010    Peter McCalister

Excuse 5: APPOLOGIZE AND REASSURE CUSTOMERS IT WAS AN ACCIDENT RATHER THAN INTENTIONAL HARM. You guessed it, that’s what we hear next when data shows up stolen or vandalized. So this fifth installment of the Top 5 Excuses for Data Breaches and What They Really Meanwill attempt to translate this into what really happened and use current news to exemplify our point.

wireshark

Wireshark ENTTEC Dissector Buffer Overflow

Disclosed December 31, 2010    Fully Patched
Vendors: Wireshark Foundation
Vulnerability Severity: High
Exploit Impact:
Exploit Availability:
Team

Data Breach Excuses and What They Really Mean: Excuse 4

Posted December 30, 2010    Peter McCalister

Excuse 4: DON’T MAKE AN EXCUSE, BLAME IT ON A THIRD PARTY. Yep, that’s what we hear next when data shows up stolen or vandalized. So this fourth installment of the Top 5 Excuses for Data Breaches and What They Really Mean will attempt to translate this into what really happened and use current news to exemplify our point.

hands

Data Breach Excuses and What They Really Mean: Excuse 3

Posted December 29, 2010    Peter McCalister

Excuse 3: SHUT THE DOOR AFTER THE HORSE HAS BOLTED. That is exactly what we hear next when data shows up stolen or vandalized. So this third installment of the Top 5 Excuses for Data Breaches and What They Really Mean will attempt to translate this into what really happened and use current news to exemplify our point.

guy tie

Data Breach Excuses and What They Really Mean: Excuse 2

Posted December 28, 2010    Peter McCalister

Excuse 2: SADLY, IT’S NOT POSSIBLE TO TRUST ALL PEOPLE ALL OF THE TIME. Yep, that’s what we hear next when data shows up stolen or vandalized. So this second installment of the Top 5 Excuses for Data Breaches and What They Really Mean will attempt to translate this into what really happened and use current news to exemplify our point.

Guy PC

Data Breach Excuses and What They Really Mean: Excuse 1

Posted December 27, 2010    Peter McCalister

Excuse 1: IT’S TOO SENSITIVE TO COMMENT FURTHER, FOR FEAR OF RISKING SECURITY FURTHER.

microsoft

Microsoft Windows Fax Services Cover Page Memory Corruption

Disclosed December 27, 2010    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact:
Exploit Availability:
BT_2011

Happy Holidays from BeyondTrust

Posted December 23, 2010    Peter McCalister

BeyondTrust wishes you a safe and happy holiday season, as well as a new year filled with privilege identity management and least privilege for all!  Don’t forget to ask your BeyondTrust sales rep for any end-of-year specials to help get that least privilege solution in before the US no longer provides Section 179 tax bennefits.

Win 7

Least Privilege and Windows 7 Compatibility

Posted December 22, 2010    Peter McCalister

In planning the move to Windows 7, Application Compatibility should be a top priority. The key technology that Microsoft provides for this is the Application Compatibility Toolkit (ACT). Now in version 5.5, ACT has been around for some time, and it is designed to help identify and mitigate potential issues with application portfolios. ACT works by taking an inventory of your existing applications and analyzing them to determine if they will be compatible with Windows 7. Once the applications have been analyzed, there are a few different approaches for mitigation. One is to use the ACT shims to get the applications to run. Another option is to utilize Windows XP Mode on Windows 7. This should make the transition to Windows 7 much easier for most organizations, as well as prevent downtime for your end users.

microsoft

Microsoft IIS 7 FTP Buffer Overflow

Disclosed December 22, 2010    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact:
Exploit Availability: