Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.


Some Identities Are Worth More Than Others

We may be all created equal, but some identities are worth more than others. I’m not just talking about Mark Zuckerberg or Bill Gates being worth more than the average Mark or Bill working across the hall from you. It turns out that identity thieves target patient health information more than standard social security identities for good reason.

Post by Peter McCalister September 23, 2011

Sneak Peek: Free Mobility Scanning from eEye

With mobile devices and smart phones representing 40% of all mobile phones in the US, consumerization continues to blur the corporate boundary as employees expect and require consistent access to corporate services from wherever they are, on any device they’re using—desktops, laptops, tablets and smart phones. 

Post by Brad Hibbert September 21, 2011

Extending Password Policy To UNIX and Linux

Our friends and colleagues at the Linux Foundation have been hit by a “brute force attack” and many of their sites have been taken down until the security breach is fully controlled.

Post by Peter McCalister September 21, 2011

A Risk Worth Taking?

It’s bad enough when an accidental insider threat compromises an organization’s security, but there’s something worse when it’s the result of a malicious past or current employee, and according to the results of a recent survey, that’s something all employers should be worried about.

Post by Peter McCalister September 20, 2011

In Denial Over Insider Threats?

Ever felt like if you could just ignore something, it would go away, disappear, self-correct? Guess what? The good news is you’re not alone. The bad news is that the company you’re keeping happens to be the majority of IT security professionals responsible for protecting corporate information assets.

Post by Peter McCalister September 19, 2011

Déjà Vu All Over Again

Several months ago I commented on the 3 Pillars of Desktop Security – patch management, virus protection and least privilege. Reviewing our 2010 Microsoft Vulnerability report, I realized just how much most people in IT underestimate the importance of properly limiting administrative privileges in protecting desktops from vulnerabilities.

Post by Peter McCalister September 16, 2011

Automating Scanner Updates

Software is written by people and inevitably has mistakes and requires maintenance. This maintenance can be in the form of security updates to patch vulnerabilities, service packs and hot fixes to correct functional problems, and general maintenance to cover required updates for signatures and other time-dependent functions. When working with security solutions, detection methods often…

Post by Morey Haber September 15, 2011

The US Government Wants to Secure Your Data. Well, Sort Of.

Earlier today, George Hulme reported on a recently introduced piece of legislation, the Personal Data Protection and Breach Accountability Act of 2011 (or PDPBAA for short, which sounds like how my last name is pronounced sometimes), geared toward protecting customer data from theft or loss. Senator Richard Blumenthal (D-CT) hopes that this new bill will “prevent and…

Post by Mike Puterbaugh September 14, 2011

Microsoft Patch Tuesday – September 2011

Quite unsurprisingly (as they accidentally leaked them last Friday), Microsoft released 5 security bulletins today. This month is fairly moderate, with none of the bulletins rating a critical rating.

Post by Chris Silva September 14, 2011

Insider Threats Exist in Virtualized Environments Too!

Disgruntled Dave is at it again! What happens when a disgruntled IT administrator deletes the contents of 15 virtual hosts (roughly equivalent to 88 different computer servers)? According to a recent eWeek article highlighting the incident – quite a bit! For the Japanese pharmaceutical company, the attack was so damaging that it froze operations for “a number of days, leaving employees unable to ship products, to cut checks or even communicate via email,” according to court documents. Estimated damages cost the company $800,000. For the disgruntled employee, he’s looking at the possibility of serving 10 years in prison when he is sentenced in November.

Post by Peter McCalister September 13, 2011