Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.


Looking For A Needle In A Haystack Without Least Privilege

Ever use the phrase that looking for something was like “finding a needle in a haystack”? If you’ve ever seen (or especially played in) a haystack then you understand the magnitude of that challenge. This also applies to IT security when trying to uncover who or what was able to access confidential information and either steal, damage or delete it altogether.

Post by Peter McCalister December 7, 2011

It Takes More Than a Decoder Ring

This week I was invited to lend my “expert thoughts” on a recent news piece on a UK intelligence agency which has opened up their hiring practices to include an online code cracking competition.  The team over at CNN’s Situation Room thought this was an interesting concept and invited me in for a quick discussion….

Post by Marc Maiffret December 6, 2011
, , ,

You And I: The Not So Obvious Insider Threat

Remember the scene in Jerry Maguire where he has returned to his office to collect his stuff, after learning he has been let go, and he has a bit of a freak-out on the way out the door, grabbing the goldfish and making bold claims about the company he is going to build that will…

Post by Peter McCalister December 6, 2011

Black Market For Server Data Is Prevelant And Profitable

The economy of cyber-crime is all too real—and too enticing. No longer sequestered to dark alleys and seedy bars, data thieves have almost unlimited options to market their ill-gotten wares to potential buyers. What this means to employers and organizations: the temptation to access and “appropriate” sensitive data may be too great for some to resist.

Post by Peter McCalister December 5, 2011

The Confluence Of Influenza, 0Day Viruses and Least Privilege

What does influenza, 0day viruses and least privilege have in common you may ask? Besides just being a cool title to get you to read this blog, it turns out that natural mutations, the fear of the unknown and reducing attack surfaces is the short answer. The long answer is best understood by first reading…

Post by Peter McCalister December 2, 2011
old school

What’s New With IAM?

What’s New? Well according to some of the participants at the Gartner Identify and Access Management Summit in San Diego, not much.

Post by Peter McCalister December 1, 2011
least privilege architecture

Least Privilege Windows Architecturally Speaking

We’ve talked about least privilege throughout thisblog over the past two years at length, but why should a desktop user care? Ultimately, a user needs admin rights on the desktop to

Post by Peter McCalister November 30, 2011

M&M Security Bound To Be Eaten Without Least Privilege

No, I’m not talking about the Mars candy, funny characters pervasive on your TV, or even the legendary brown ones from a Van Halen concert rider.

Post by Peter McCalister November 28, 2011

Windows Server 2008 R2 Recycle Bin

Microsoft has included recovery capabilities with every release Active Directory (AD) from Windows Server 2000 on. There is a saying that has been around in IT for a long time, “An administrator is only as good as their last backup”. This is because accidental deletions of a single user object to the removal of hundreds…

Post by Morgan Holm November 26, 2011
, , , , , , ,

Don’t Be The IAM Turkey This Thanksgiving

Most of the United States and Canada are preparing for the anual food fest known as Thanksgiving tomorrow to celebrate the bountiful harvest season. Or is it just an excuse for a work holiday in November? Either way, you can be sure that the potential for IT security breaches increase as vigilance wains for the holiday season.

Post by Peter McCalister November 23, 2011