Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.


Top 5 Data Breach Excuses Of 2011 (And What They Really Mean): Part 4

WE’RE STILL INVESTIGATING HOW IT HAPPENED, IT’S TOO CONFIDENTIAL TO SAY MORE, BUT REST ASSURED EVERYTHING IS OK NOW. – The IMF, June 2011 This excuse is often used by organisations that decide to mop up media interest with an early announcement confirming investigations are underway (we’re taking this seriously) while reassuring people everything is…

Post by Peter McCalister January 6, 2012

Top 5 Data Breach Excuses Of 2011 (And What They Really Mean): Part 3

BLAME IT ON A THIRD PARTY/MALWARE/THE WEATHER – Frequently throughout the year…. With so much outsourcing today, it’s easy to divert attention away from your role in allowing data to be breached, by focusing on sloppy practices of third party suppliers and contractors (while not saying of course that it was you who hired them…

Post by Peter McCalister January 5, 2012

Top 5 Data Breach Excuses Of 2011 (And What They Really Mean): Part 2

SHUT THE DOOR AFTER THE HORSE HAS BOLTED. High Point Regional Health System, USA, September 2011 This excuse allows the breached organization to sound authoritative by providing an answer to how the breach could have been prevented to the media and public, even if it is a solution they haven’t put into practice yet. Unfortunately,…

Post by Peter McCalister January 4, 2012

Top 5 Data Breach Excuses Of 2011 (And What They Really Mean): Part 1

SADLY, IT’S NOT POSSIBLE TO TRUST ALL PEOPLE ALL OF THE TIME – Gwent Police, Wales, UK, May 2011 This is one of the more favored excuses used by organizations who prefer to show some attrition for taking their eye off the ball for a few days, months, years,… (fill in the blank) later. In…

Post by Peter McCalister January 3, 2012

Amazon Kindle Winner Announced. Join our January VEF and Win!

As you all know, every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your…

Post by Sarah Lieber December 30, 2011

HashDoS Crashes Your New Year’s Eve Party (and your web server)

Microsoft made the last few days of 2011 somewhat exciting by releasing an out-of-band patch, the only time all year they’ve deviated from a normal Patch Tuesday distribution. We’ll update this blog with new developments, so keep checking back for new information. So, what’s all the excitement about?

Post by The eEye Research Team December 29, 2011

Is VDI More Secure Than Regular Desktops? I Think Not!

I’ve made the argument in the past that VDI has a far greater potential for damage than normal desktops, making them less secure in point of fact. If effective security is defined as (security profile) x (risk profile) = (effective operational risk), then the exact same security profile applied to a standard…

Post by Peter McCalister December 29, 2011

Happy Secure New Year from eEye and Metasploit

Since we announced our initial Retina Community integration with Metasploit, we’ve received tremendous positive feedback, both on the integration itself, as well as for delivering a uniquely seamless penetration testing toolset as a community offering. As we look toward 2012, we want to continue on that path and help deliver a Secure New Year, courtesy…

Post by The eEye Research Team December 28, 2011

We Are Now Entering The “Goldilocks Zone”

Turns out that Goldilocks isn’t just a children’s story, or even a metaphor used by marketing-types extolling the vices of extremism and the virtues of “just right” privileges. Yep, even astronomers co-opt Goldilocks to describe the perfect zone for habitable planets. In a recent Associated Press article titled “New Earth-like Planet Discovered Outside Our Solar…

Post by Peter McCalister December 28, 2011

Insider Threats – Are They Just Human Nature?

This week’s culprit of data misuse: Telstra, Australia’s leading telecommunications and information services company. It was reported that personal and account details of approximately one million customers were available on the Web – in plain sight for any Internet browser to see. While the mess is being called inadvertent, the potential damage to customers is…

Post by Peter McCalister December 27, 2011