BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

January, 2011

pillars

Prioritizing Vulnerability Assessment and Remediation Steps: A New Users Guide to Getting Started – Part 1

Posted January 31, 2011    Morey Haber

New users to vulnerability assessment often ask the same question: “How do I get started”? While this may sound incredibly generic for a security engineer, many companies have never had a vulnerability management process in place and are trying to comprehend the problems of missing patches, remediation prioritization, and risk acceptance. As a basic recommendation,…

Tags:
, , ,
The Duke

Least Privilege Legacy Apps and the Desktop “Wild West”: Part 3

Posted January 31, 2011    Peter McCalister

This week we report the conclusions of our recent survey of 185 IT Administrators and Help Desk Operatives, in a report ‘Legacy Applications and Least Privilege Access Management’ which reveals the way legacy apps leave Windows desktop environments unnecessarily exposed to attack from malware, as well as providing an open door to insider threats.

videolan

VLC Media Player MKV Demuxer Vulnerability

Disclosed January 30, 2011    Fully Patched
Vendors: VideoLAN
Vulnerability Severity: High
Exploit Impact:
Exploit Availability:
Win 7

Microsoft Vulnerabilities & Admin Privileges

Posted January 28, 2011    Peter McCalister

Some of you may have already seen the annual report we do each year on vulnerabilities in Microsoft products. Our last report found that in 90% of critical vulnerabilities could be mitigated with the removal of administrative rights.

microsoft

Microsoft Windows MHTML

Disclosed January 28, 2011    Fully Patched
Vendors: Microsoft
Vulnerability Severity: Low
Exploit Impact: Information Disclosure
Exploit Availability:
The Duke

Least Privilege Legacy Apps and the Desktop “Wild West”: Part 2

Posted January 27, 2011    Peter McCalister

This week we report the conclusions of our recent survey of 185 IT Administrators and Help Desk Operatives, in a report Legacy Applications and Least Privilege Access Management’ which reveals the way legacy apps leave Windows desktop environments unnecessarily exposed to attack from malware, as well as providing an open door to insider threats.

Team

Password Rotation, Phishing and Authentication Limitations, Oh My!

Posted January 26, 2011    Peter McCalister

As we have pointed out in several recent blog posts, getting users to choose effective passwords is hard. This is particularly important to us at BeyondTrust since for our PIM solutions to function correctly we need to accurately authenticate a user to know what access privileges to grant them While new technologies for user authentication are on the way, they aren’t here just yet.

img-mobile

Referential Integrity When Performing a Vulnerability Assessment

Posted January 25, 2011    Morey Haber

James Thurber wrote back in 1959, “When all things are equal, translucence in writing is more effective than transparency, just as glow is more revealing than glare.” The critical aspect of his statement is based on equality. When using multiple distributed applications, regardless of technology, having the same version on all the systems is sometimes…

Tags:
, ,
The Duke

Least Privilege Legacy Apps and the Desktop “Wild West”: Part 1

Posted January 25, 2011    Peter McCalister

Whenever we hear the phrase “Wild West”, the first words that come to mind are old, insecure, and vulnerable. Any old western featuring Clint Eastwood or John Wayne depicts all of these descriptions. And coincidentally “Wild West” provides the perfect analogy for the way an enterprise’s remaining legacy infrastructure interfaces with a Windows desktops environment….

Tags:
, ,
vista-patch-bandaid-sp1

There is No Patch For Stupidity

Posted January 24, 2011    Peter McCalister

No, I’m not talking about a Boy or Girl Scout patch (or merit badge) now awarded for making dumb errors with information technology at work. I’m referring to the ever present vendor tech support cry of “just install the patch” whenever something goes wrong.