BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
cloudlock-1

It’s 11.11.11 Is Your Cloud More Secure?

Posted November 11, 2011    Peter McCalister

As more and more of you drive to cloud-based applications and infrastructure because you are experiencing the pressures from management who seem to buy every single bit of hype generated by the press, it becomes clear where the biggest concerns arise. Namely security.

Categories:
Vulnerability Management
shot1

Group Policy Delegation and PowerBroker Desktops

Posted November 10, 2011    Peter McCalister

Group Policy provides powerful controls over desktop configuration, and it includes full delegation capabilities to allow network administrators to delegate Group Policy configuration tasks to others. Since Group Policy has so many powerful capabilities, it is critical to delegate certain tasks to other network administrators, without giving them Domain Admin rights or full edit rights over the entire Group Policy Object (GPO).

Categories:
Vulnerability Management
apple

Apple OS X Sandbox Predefined Profile Bypass Vulnerability

Disclosed November 10, 2011    Fully Patched
Vendors: Apple
Vulnerability Severity: Medium
Exploit Impact:
Exploit Availability:
Categories:
Zeroday Tracker
os lion

Time for IT to Support–and Secure–the Mac

Posted November 9, 2011    Peter McCalister

It seems that the tides have changed again with regard to Macs in the workplace, as covered by the Apple 2.0 blog on CNN Money. As noted in the post, “Hell freezes over: Forrester urges IT to support the Mac,” A new report from Forrester Research, Inc. urges IT departments to depart from their old…

Categories:
Vulnerability Management
patch-tuesday

Microsoft Patch Tuesday – November 2011

Posted November 8, 2011    Chris Silva

This month Microsoft released four security bulletins, patching a total of four vulnerabilities. Included in this month’s bulletins is a particularly ugly vulnerability in tcpip.sys (MS11-083). This vulnerability involves sending a large amount of UDP packets to a closed port. While the amount of work to exploit seems great and Microsoft feels that exploitation will…

Categories:
Security Research
lucy2

In a Perfect World, Trust Is All You Need

Posted November 8, 2011    Peter McCalister

This week I had an interesting exchange with a full-time Linux administrator. What started out as a discussion about PowerBroker Servers Linux Edition, quickly became a heated debate about trust. After much back and forth, he said this: “At the end of the day, employers need to trust the employees. Relying on technological solutions to ‘keep honest people honest’ is putting the cart before the horse. If you can’t trust your employees, you shouldn’t have hired them.”

Categories:
Privileged Account Management
gone 60

Identity Thief Irene More Profitable Than Memphis Raines

Posted November 7, 2011    Peter McCalister

How many of you remember the Nicholas Cage character, Memphis Raines in the action movie Gone in 60 Seconds? If you do, bravo for being an action movie buff… for those of you not “in the know” he was a (fictional) car thief who had to steal 50 high end cars in just one night.

Categories:
Vulnerability Management
winning

Webinar Winner! Congratulations to the Winner of Our Motorola Xoom Tablet Giveaway!

Posted November 6, 2011    Mike Puterbaugh

Recently we hosted a webinar with VMware, “Close Your Virtual App Security Gap”. If you haven’t had a chance to check out the materials from that webcast, you can find the slides here. It was a great session, where the eEye and VMware ThinApp product teams talked about virtual app security and how virtual apps can…

Categories:
Vulnerability Management
Tags:
,
book

New Least Privilege Book Garners Initial Reviews

Posted November 4, 2011    Peter McCalister

Two weeks ago a new book called “Preventing Good People From Doing Bad Things” was published by Apress Media, and I even published the top 10 reasons to buy the book last week in this blog, but why take my word for it when you can look to those independent reviewers for unbiased insight?. Bob…

Categories:
General
microsoft

Microsoft Excel 2003 Use After Free

Disclosed November 4, 2011    No Patch Available
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker