Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.


Is VDI More Secure Than Regular Desktops? I Think Not!

I’ve made the argument in the past that VDI has a far greater potential for damage than normal desktops, making them, in point of fact, less secure. If effective security is defined as (security profile) x (risk profile) = (effective operational risk), then the exact same security profile applied to a standard…

Post by Peter McCalister December 29, 2011

Happy Secure New Year from eEye and Metasploit

Since we announced our initial Retina Community integration with Metasploit, we’ve received tremendous positive feedback, both on the integration itself, as well as for delivering a uniquely seamless penetration testing toolset as a community offering. As we look toward 2012, we want to continue on that path and help deliver a Secure New Year, courtesy…

Post by The eEye Research Team December 28, 2011

We Are Now Entering The “Goldilocks Zone”

Turns out that Goldilocks isn’t just a children’s story, or even a metaphor used by marketing-types extolling the vices of extremism and the virtues of “just right” privileges. Yep, even astronomers co-opt Goldilocks to describe the perfect zone for habitable planets. In a recent Associated Press article titled “New Earth-like Planet Discovered Outside Our Solar…

Post by Peter McCalister December 28, 2011

Insider Threats – Are They Just Human Nature?

This week’s culprit of data misuse: Telstra, Australia’s leading telecommunications and information services company. It was reported that personal and account details of approximately one million customers were available on the Web – in plain sight for any Internet browser to see. While the mess is being called inadvertent, the potential damage to customers is…

Post by Peter McCalister December 27, 2011

The Law Of Unintended Consequences

It’s been a long while since I’ve logged into a UNIX box at the console or via telnet. But back when I was first learning my way around UNIX in the late 80′s and early 90′s, I vividly remember the nearly universal greeting when logging in as root: ————————————– login: root password: Don’t login as…

Post by Peter McCalister December 21, 2011

Compliance Considerations For 2012

As 2011 comes to a close, it’s time to start looking ahead to what 2012 will bring, including compliance considerations for the New Year. All regulations emphasize fraud control, therefore internal automated controls over all access (especially privileged users) will provide assurance; the Ponemon Institute has identified “privileged access” as an area of “higher risk…

Post by Peter McCalister December 20, 2011

Hard Versus Soft Cost Of Privilege Misuse

All costs aren’t completely obvious. Simply stated, the principle of least privilege means that a user must run with the least amount of privilege for the least being performed. And what does this mean for you? It means you should look closely at eliminating administrator rights from users who don’t absolutely need them, and elevate…

Post by Peter McCalister December 19, 2011

Of Saints, Sinners and The Least Privileged

As I’ve waded through the hundreds of published insider breaches from just the last two years, what is a clear recurring theme is that of the vagaries of human nature. Not meaning to wax poetic, but it is always an individual who misused their own, or some other insider’s, privileged access authorizations to information technology…

Post by Peter McCalister December 16, 2011

Microsoft Patch Tuesday – December 2011

To wish IT administrators everywhere a happy holiday, Microsoft today released 13 security bulletins. Microsoft had initially planned to release 14 bulletins, but a bulletin related to the BEAST vulnerability was held back for not behaving well with other software. Assuming it can be whipped into shape, it will most likely make an appearance…

Post by Chris Silva December 13, 2011

Security Predictions: All Hat, No Cattle

This is the time of the year where holiday parties are had, gifts are exchanged, and everyone and their brother in the security industry write blog posts and press releases about their predictions for the coming year. This time of the year reminds me of how important eEye’s message of “Security in Context” is given…

Post by Marc Maiffret December 13, 2011