Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for October, 2011


President Obama Endorses Least Privilege

We have showed that the insider threat is significant in this blog for the last 2 years and have even pointed out recently that it made the Wall St Journal among other well respected publications. But, when President Obama aims to stop WikiLeaks-style disclosures, then least privilege has really come of age.

Post by Peter McCalister October 17, 2011

Samsung Mobile Devices Vulnerable to Website Wipe

According to IBTimes, Samsung, one of the leaders in manufacturing Android devices, has a very serious bug in their TouchWiz implementation of Android. Samsung, like most manufacturers, modifies the stock Android image to add in its own modifications and enhancements.

Post by Peter McCalister October 16, 2011
, , ,

Terminator V: Utilities Under Fire Without Least Privilege

Remember the premise of Terminator and about another 100 or so Hollywood movies that have computers taking over the world? The first step in this conquest is always that we rely heavily on machines being connected to the worldwide web to make our life easier. This becomes problematic when said equipment is managing critical infrastructure like say electricity, water, communications, etc. Wait isn’t that what we’ve now done?

Post by Peter McCalister October 14, 2011
guy laptop

Protecting Yourself and Satisfying Auditors With Least Privilege

Within the complex world of IT infrastructure exists a vitally important group of people: those charged with administering a company’s most critical assets and protecting its most sensitive data. They are known as privileged users, and by definition they possess a collection of access rights reserved only for those a company has entrusted with significant responsibility in safeguarding not just data, but also brand reputation, customer trust, and sustained revenue.

Post by Peter McCalister October 13, 2011

The Best New IT Security Book You Have To Buy Now!

Okay, so I am a bit biased since I am one of the co-authors of this book published by Apress Media, but in the spirit of full disclosure this is an independent industry view on mitigating insider threats across physical, virtual and cloud infrastructure and doesn’t even mention BeyondTrust.

Post by Peter McCalister October 12, 2011

Microsoft Patch Tuesday – October 2011

Welcome to another exciting episode of Patch Tuesday, where Microsoft has released a total of 8 bulletins concerning 23 CVEs. 2 bulletins are rated as critical, mostly covering issues within Internet Explorer, while the rest are not as riveting.

Post by Chris Silva October 11, 2011
guy tie

Insiders Run Rampant in Healthcare and Financial Services Industries

Most consumers don’t blink an eye when they’re asked to provide their social security number to a healthcare or banking professional. We place complete trust into the hands of these individuals, yet employees within financial services and healthcare industries perhaps are the most notorious for snooping and disclosing sensitive information.

Post by Peter McCalister October 11, 2011

Android Handset Makers – Adding Value or Vulnerabilities?

So many things in life can cause perception to over take reality and one great example of that is as it relates to Google’s Android security. Android itself is a very robust and security minded operating system backed by one of the best security research teams in the business. One of the big things that…

Post by The eEye Research Team October 10, 2011
, ,
Intentional Harm

Speaking of Human Nature, Desktop Computing And Least Privilege

Indeed, people are known to behave differently inside and outside of the office, where the culture is different. Lines between professional and home life become blurred, and people take the suit off at home, log in in their shorts, but that doesn’t mean they should take their corporate hat off, as well. But what is the answer? Eliminating administrator rights without allowing for the elevation of certain job-necessary privileges is not the answer. Locking down a system is like asking everyone to raise his or her hand to go to the bathroom, – it shows the downside of mistrusting human nature.

Post by Peter McCalister October 10, 2011
it hell

Least Privilege And The 9 Circles Of IT Hell

Anybody remember the classic works from their college reading curriculum? Specifically today’s blog will reference an epic poem considered by many to be one of the greatest in world literature: Dante Alighieri’s “Divine Comedy”. Now you might be asking what does Dante’s nine circles of hell have to do with least privilege and why should…

Post by Peter McCalister October 7, 2011