BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

February, 2011

Cloud Computing Security in Public Clouds

Posted February 17, 2011    Peter McCalister

We’ve said before that corporations need to take ownership and responsibility for overseeing and requiring compliance and security policies of their cloud vendors. Well, now it’s official, the industry agrees with us.

PHP grapheme_extract() NULL Pointer Dereference

Disclosed February 17, 2011    Fully Patched
Vendors: PHP
Vulnerability Severity: Medium
Exploit Impact: Denial of Service
Exploit Availability:

5 Things to Tell the CEO about Admin Privileges

Posted February 16, 2011    Peter McCalister

Every organization has their own quirks. Sometimes leadership isn’t involved enough for certain projects to be successful. Other times they’re too involved. And sometimes it feels like everything is just too much of a mess. This is especially true when it comes to IT security and compliance across physical, virtual and cloud environments.

Live from RSA 2011

Posted February 16, 2011    Morey Haber

It is another cold and windy week in San Francisco and RSA 2011 is more impressive this year than recent events. With the economy finally beginning to recover, trade show events are feeling the impact with more floor space, higher attendance, cooler giveaways, and quality of new solutions presented by companies highlighting investments in development. …

Does Compliance = Security?

Posted February 15, 2011    Peter McCalister

Since it’s hard to analyze the tradeoffs between security and productivity, IT organizations can fall back on gut feel, rules of thumb and past practices in making these decisions. The easiest answer is frequently to just follow the rules and regulations so you remain in compliance with industry regulations or current policies. As a result, compliance becomes a substitute for security. But are they really equal? Does being in compliance mean you have a secure IT environment?

Top VM Reports for Daily Security

Posted February 15, 2011    Morey Haber

Like most security professionals I subscribe to a plethora of email lists from Dark Reading to Threat Post. Every day I receive their news and review the titles in their daily summary emails and drill into a few that may catch my eye. The thing I like about this approach is that I receive a…

Oracle 10/11g exp.exe – param file Local Buffer Overflow

Disclosed February 15, 2011    Fully Patched
Vendors: Oracle
Vulnerability Severity: Medium
Exploit Impact:
Exploit Availability:

Visit BeyondTrust Booth at RSA 2011 and Win an iPad

Posted February 14, 2011    Peter McCalister

If you are going to San Francisco for RSA this week (with or without a flower in your hair), then you should stop by the BeyondTrust booth #945 and check out the latest greatest privilege identity management solutions to eliminate admin rights across desktop, server and network devices as well as virtual and cloud environments.

Microsoft Windows Server 2003 AD Pre-Auth Browser Election Remote Heap Overflow

Disclosed February 14, 2011    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:

Rock the Cradle of Root Access Gently

Posted February 11, 2011    Peter McCalister

The hand that rocks the cradle rules the world. This is an absolute truth. Although originally referring to motherhood, there is an especially poignant application from an enterprise point of view. As long as the hand (your IT manager with root access) handles that cradle gently (your server and the sensitive information therein), your world will remain a secure place.