BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for January, 2011

shoe

I Don’t Know……Third Base?

Brian Anderson recently commented on a Wall St Journal article on The Top 50 Gawker Media Passwords. He concluded that the average user seems to either have a relaxed sense of security, a love for Abbott and Costello-like humor, or are just lazy when it comes to identity-related security. So what are smart IT security professionals to do?

Post by Peter McCalister January 19, 2011
Lockdown

Administrative Privileges are Behind Many, but not all Breaches

Ok – so even we admit not EVERY security breach is related to administrative privileges. We saw how horrible the passwords were of Gawker users; we know hackers exist too and there is a remaining 10% of critical Microsoft vulnerabilities that can’t be mitigated by removing admin rights. A recent reporton Virgin Media’s email recycling, which would allow a new email recipient to “retrieve a forgotten password” of the email’s previous owner could not be prevented with any measure related to administrate privileges.

Post by Peter McCalister January 18, 2011

Myth Bust: No One In My Enterprise Can Misuse Privilege

Myth Busters has become a TV phenomenon with great antics to prove or disprove commonly head “truths” as “urban legend, wife’s tale or grounded in fact-based truth. In today’s enterprise a common myth is that no one ever actually misuses the information technology (IT) privileges granted them. We thought we take a closer poke at…

Post by Peter McCalister January 17, 2011

Putting the Health Care Cart Before the Horse?

Health Information Exchanges (HIEs) are the latest buzz phrase to hit the compliance marketplace. In a recent post blogger phiprivacy.net, reported on the opinions of top IT experts, about the top Patient Health Care Information trends for 2011. Amongst a clear indication of increased breaches; imposition of fines and other regulatory action; as well as…

Post by Peter McCalister January 14, 2011

Motivation and Preparation

You probably already saw last month that a group called Gnosis hacked over 1 million rows of data from Gawker, claiming the organization had some of the worst security they could have imagined. Gnosis gained access to their database in one day and even Gawker said in an internal memo that they were largely caught…

Post by Peter McCalister January 13, 2011

Tell Us Your Patch Tuesday Story!

Please use the “Leave a Reply” function below and tell us your Patch Tuesday story for a chance to win a new Amazon Kindle and $25 gift card. Deadline to be entered into the VEF contest is Friday 1/14 at noon PST. Please note that all email/contact info will be kept private from public view,…

Post by The eEye Research Team January 12, 2011

Top 10 Reasons To Care About Who Has Privileged Access to Your IT

In the spirit of keeping blog posts informative, short and fun, this one takes a cue from David Letterman in format.

Post by Peter McCalister January 12, 2011

Microsoft Patch Tuesday – January 2011

The ebb and flow of Microsoft Security Bulletins continued this month, with a nice slow release of only two bulletins to follow up the record set in December. Unfortunately, neither of these two bulletins patched any of the zero-day vulnerabilities that are currently affecting Microsoft products. Microsoft continued to patch DLL preloading vulnerabilities, this time…

Post by Chris Silva January 11, 2011

Mozilla Breach and Privileged Users

If you have one of 44,000 inactive Mozilla accounts, you may have received a belated Christmas present on December 27th when the company sent out notifications of a potential leak of their account information. In this case the company was able to reassure those users there was virtually no possibility of any harm to them….

Post by Peter McCalister January 11, 2011

Your Password is What? I Thought That Was Second Base.

Who’s on first? What’s on second? I don’t know’s on third, and your password is Password?

Post by Peter McCalister January 10, 2011