BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

February, 2011

monster under bed

Scary Night Dragons Fall from Sky

Posted February 10, 2011    Marc Maiffret

Reading the headlines today one could not help but notice the latest installment of “scary Chinese hacker press” making the headlines. And who can blame the news media for latching on to this story as it has all the right ingredients: foreign governments targeting U.S. interests, catchy nicknames like Night Dragon, connections to a previous scary threat “Operation Aurora” and a timely announcement leading up to one of the security industry’s biggest conferences in San Francisco next week, RSA. Wait, what?

swan

Black Swans and Tough Trade-offs For Privilege Identity Management

Posted February 10, 2011    Peter McCalister

Recently we talked about the difficult trade-off between security and productivity in regard to designing effective password policies. Managing these difficult exchanges is a major challenge for many IT decision makers. Security is time consuming and complicated, which almost always means extra work for someone. So IT must decide: is reduced security risk worth the extra work?

guy laptop

Add an Identity Management Stitch to Your Enterprise and Save Nine

Posted February 9, 2011    Peter McCalister

I have a friend who, at any given moment, can recount any of the old wives tales he grew up hearing. Most of them I just roll my eyes at, but every now and then there’s a little gem that makes life a little easier. Take “a stitch in time saves nine.” That’s legitimate advice. The concept of taking certain actions before a large-scale problem evolves transcends all aspects of the human existence, and even spreads to the security of your enterprise. One particularly useful stitch comes in the form of preventing the misuse of privileges within the walls of your company.

patch-tuesday

Microsoft Patch Tuesday – February 2011

Posted February 8, 2011    Chris Silva

Microsoft is back at it with a fairly large release today, including 12 security bulletins which patch a total of 22 vulnerabilities. Six of the bulletins address zero-day vulnerabilities (MS11-003, MS11-004, MS11-005, MS11-006, MS11-011, and MS11-013) including two (MS11-003, MS11-006) that have public exploit code circulating. MS11-013 (Kerberos) is most likely similar to vulnerabilities that…

anonymous

Wikileaks Could be You Without Privilege Identity Management

Posted February 8, 2011    Peter McCalister

Those that follow this blog have probably seen us write on Wikileaks before. We covered it here and eWeek invited us to cover the topic for their knowledge center here. Our message is that Wikileaks isn’t just for government or military organizations. Half of the leaked information on Wikileaks is on private organizations and Julian has suggested that corporations are next on the chopping block.

thumb_default

eEye for the Win

Posted February 7, 2011    Marc Maiffret

At the start of every year employees of eEye gather for our yearly company kick-off. We discuss what we did right in the previous year and ways that we can improve in this New Year. We talk about our product roadmap and the sales and marketing strategies for the year. We also answer the question that is probably more important than anything: “What type of company do we want to be?”

apple

An Apple (Compliance) a Day Keeps the Doctor (Auditors) Away

Posted February 7, 2011    Peter McCalister

There’s an old wives’ tale that explains “an apple a day keeps the doctor away.” While this advice may not always be the case in the medical industry, it is absolutely accurate when it comes to the world of IT compliance. When you regularly incorporate apples (compliance) into your daily enterprise diet, the doctors (auditors) that come won’t find ailments that need to be fixed.

microsoft

Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution

Disclosed February 7, 2011    No Patch Available
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
microsoft

Microsoft Office Excel Office Art Object Parsing Remote Code Execution

Disclosed February 7, 2011    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
microsoft

Microsoft Office Excel Axis Properties Record Parsing Remote Code Execution

Disclosed February 7, 2011    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: