BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

January, 2011

PBSE

Care New England Implements Least Privilege on Desktops

Posted January 21, 2011    Peter McCalister

Care New England, located in Providence Rhode Island is a non-for-profit healthcare system that offers a continuum of quality care, including two teaching hospitals affiliated with The Warren Alpert Medical School of Brown University, Butler and Women & Infants; a community hospital, Kent; a visiting nurse and home care/hospice agency, Care New England Home Health; and the Care New England Wellness Center. Care New England’s strengths are based on complementary programs and distinctive competencies of our partner hospitals to its partner hospitals and agencies.

videolan

VideoLAN VLC Media Player CDG Decoder Module Array Indexing Vulnerabilities

Disclosed January 21, 2011    No Patch Available
Vendors: VideoLAN
Vulnerability Severity: High
Exploit Impact:
Exploit Availability:
opera

Opera Browser “select” Element Children Integer Truncation Vulnerability

Disclosed January 21, 2011    Fully Patched
Vendors: Opera Software
Vulnerability Severity: High
Exploit Impact:
Exploit Availability:
pillars

3 Ways to Remediate Misuse of Privilege

Posted January 20, 2011    Peter McCalister

In the event that someone in your organization does misuse privilege and causes harm (theft, damage or loss of data), you will have to immediately deal with the aftermath. In today’s security conscious enterprise, there are three level of remediation to consider:

shoe

I Don’t Know……Third Base?

Posted January 19, 2011    Peter McCalister

Brian Anderson recently commented on a Wall St Journal article on The Top 50 Gawker Media Passwords. He concluded that the average user seems to either have a relaxed sense of security, a love for Abbott and Costello-like humor, or are just lazy when it comes to identity-related security. So what are smart IT security professionals to do?

Lockdown

Administrative Privileges are Behind Many, but not all Breaches

Posted January 18, 2011    Peter McCalister

Ok – so even we admit not EVERY security breach is related to administrative privileges. We saw how horrible the passwords were of Gawker users; we know hackers exist too and there is a remaining 10% of critical Microsoft vulnerabilities that can’t be mitigated by removing admin rights. A recent reporton Virgin Media’s email recycling, which would allow a new email recipient to “retrieve a forgotten password” of the email’s previous owner could not be prevented with any measure related to administrate privileges.

Myth Bust: No One In My Enterprise Can Misuse Privilege

Posted January 17, 2011    Peter McCalister

Myth Busters has become a TV phenomenon with great antics to prove or disprove commonly head “truths” as “urban legend, wife’s tale or grounded in fact-based truth. In today’s enterprise a common myth is that no one ever actually misuses the information technology (IT) privileges granted them. We thought we take a closer poke at…

Putting the Health Care Cart Before the Horse?

Posted January 14, 2011    Peter McCalister

Health Information Exchanges (HIEs) are the latest buzz phrase to hit the compliance marketplace. In a recent post blogger phiprivacy.net, reported on the opinions of top IT experts, about the top Patient Health Care Information trends for 2011. Amongst a clear indication of increased breaches; imposition of fines and other regulatory action; as well as…

Motivation and Preparation

Posted January 13, 2011    Peter McCalister

You probably already saw last month that a group called Gnosis hacked over 1 million rows of data from Gawker, claiming the organization had some of the worst security they could have imagined. Gnosis gained access to their database in one day and even Gawker said in an internal memo that they were largely caught…

Tell Us Your Patch Tuesday Story!

Posted January 12, 2011    The eEye Research Team

Please use the “Leave a Reply” function below and tell us your Patch Tuesday story for a chance to win a new Amazon Kindle and $25 gift card. Deadline to be entered into the VEF contest is Friday 1/14 at noon PST. Please note that all email/contact info will be kept private from public view,…