Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for March, 2011


Retina in the Cloud

We recently expanded our cloud-based security offerings with Retina Cloud, so I figured it was time to post my first blog on eEye and the cloud. eEye has been providing vulnerability scanning using a SaaS model since 2009 and today, we offer customers a variety of options with respect to vulnerability scanning from the “cloud”….

Post by Brad Hibbert March 10, 2011

What Do You Think About VEF?

Please use the “Leave a Reply” function below and tell us your comments, thoughts, and suggestions about VEF. – One person will be selected at random to win a new Amazon Kindle and $25 gift card – Deadline to be entered into the VEF contest is Friday 03/11 at noon PST. – Please note that all…

Post by The eEye Research Team March 9, 2011

What Hackers Don’t Want You To Know About User Privileges

Believe it or there are people out there that aspire to be hackers. Not just the run of the mill, crack a password or two, but a bona fide Neo who can play with your secure data like a personal version of the matrix.

Post by Peter McCalister March 9, 2011

Microsoft Patch Tuesday – March 2011

Before I get started today, I want to first point out that tomorrow’s Vulnerability Expert Forum (VEF) will be at a new time – 1PM PST. Sign up to hear what Marc Maiffret and the eEye Research team have to say about today’s security bulletins and other security related topics. For this Patch Tuesday, Microsoft…

Post by Chris Silva March 8, 2011

The Soft Costs of Identity Breaches

I’ve been a loyal customer of Wells Fargo for over a decade. For lots of good reasons. Over the long President’s Day weekend was the first time I’ve received a call from them saying that one of the vendors I’ve paid recently has had a data breach and leaked my credit card information.

Post by Peter McCalister March 8, 2011
cross bridge

Walk On The Wild Side … Of a Failed Audit

I couldn’t resist one last homage to classic rock. This time Lou Reed sings “everybody had to pay and pay; a hustle here and a hustle there…hey babe, take a walk on the wild side” while we chat about the right, wrong and wild side of the dreaded audit.

Post by Peter McCalister March 7, 2011
cloud sec

Logs in the Cloud – Why Cloud Security is More of the Same

One of the blogs we like to read is the so called “Security Warrior”, who recently wrote a great summary and counterargument to a discussion on logging in the cloud that includes links to some of the industry’s back and forth.

Post by Peter McCalister March 4, 2011
broken chain

Rogue Asset Detection

A few weeks ago in my blog, I mentioned a critique regarding targeted vulnerability assessment and its ability to not identify rogue devices.  Anytime you have definitive host list (by host name or from Active Directory for example), or a fixed set of IP addresses (versus ranges) you can potentially miss devices connected to your…

Post by Morey Haber March 3, 2011

Kernel Versus User Mode? – It’s a Question of Security

In the great debate of how to secure the desktop from the misuse of privilege, nothing is more contested then the approach: kernel versus user mode. Every vendor will postulate on their approach as the best methodology for eliminating desktop admin rights and fostering a least privilege environment, but how do you separate the marketing BS from the technical realities?

Post by Peter McCalister March 3, 2011

The Man Who Sold The World

Depending on your generation (read “age”), you either know this as a classic David Bowie song and album (yes, vinyl did exist once) or an incrediblesong by Nirvana during their MTV Unplugged performance. Since I’m on a classic rock roll (pun intended) and just saw yet another article on an insider selling corporate assets, I thought I should write a bit more about the temptations of the “over privileged”.

Post by Peter McCalister March 2, 2011