BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

March, 2011

pillars

Top VM Reports for Government

Posted March 21, 2011    Morey Haber

In continuing the series on top reports for vertical markets, this blog will focus on reports that help government entities at the state, local, and federal levels. Like any vertical, having reports that are dedicated to the mandates and requirements that matter to the organization are critical. It is not only about which vulnerabilities are…

Tags:
, , , ,
Accidental Harm

Why Do You SUDO The Way You Do?

Posted March 21, 2011    Peter McCalister

In the land of Unix and Linux systems administration, nothing seems to elicit such polar love and hate as does the use of SUDO for root rights elevation.

realnetworks

RealPlayer IVR File Remote Code Execution

Disclosed March 21, 2011    Fully Patched
Vendors: RealNetworks
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
vistaprint-logo-02

VistaPrint Uses PowerBroker Desktops to Improve Security

Posted March 18, 2011    Peter McCalister

VistaPrint is an online supplier of high-quality graphic design services and customized print products. They have over seven million customers and operate 17 localized websites in over 120 countries. The company is known for their standardized design and printing process, as well as the significantly reduced costs for their customers. VistaPrint has Windows Active Directory installed, operates a customer service center, and 400 end-users running Windows XP.

guy laptop

Back to Least Privilege Basics

Posted March 17, 2011    Peter McCalister

Least Privilege is something we’ve talked about before, and odds are good we’ll talk about it again. The reason it keeps coming up is because it’s important! It’s the key to securing Windows desktops, and it’s fundamental in the protection of root access.

ipad pic

The Privilege To Roaming Access Comes With Responsibilities

Posted March 16, 2011    Peter McCalister

We’re big fans of Apple’s iPad. How can you not like them? Svelte, sleek and slick in execution.

sticky

Automating Configuration Auditing

Posted March 15, 2011    Morey Haber

????????I want to discuss a rather simple use case with my readers that until recently, had a rather complex solution. Consider you are a major airline, corporation, or even a local government with thousands of systems that should be identical from a configuration perspective. These could be airline check-in kiosks, a call center handling support calls,…

Tags:
, , , , , , , , ,
Good-better-best

4 Bad Habits to Kick for IT Security

Posted March 15, 2011    Peter McCalister

Isn’t it amazing how easy it is to adopt bad habits? The crazy thing is that no one is immune- they plague each and every one of us. Whether we were taught incorrect practices or are just looking for shortcuts to make our lives/jobs/situations easier, each of us yields to poor patterns at some point in our lives.

Team

Do You Sudo? SHOULD You Sudo?

Posted March 14, 2011    Peter McCalister

Chances are, if your organization utilizes Unix and Linux servers, your IT staff uses sudo. After all, sudo ships free with virtually all versions and flavors of Linux and Unix and has long been a favorite tool for administrators to define what commands OS users can execute as root, without actually disclosing the root password.

php

PHP Substr_Replace Memory Corruption

Disclosed March 13, 2011    Fully Patched
Vendors: PHP
Vulnerability Severity: Medium
Exploit Impact: Remote Code Execution
Exploit Availability: