Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.


Automating Configuration Auditing

????????I want to discuss a rather simple use case with my readers that until recently, had a rather complex solution. Consider you are a major airline, corporation, or even a local government with thousands of systems that should be identical from a configuration perspective. These could be airline check-in kiosks, a call center handling support calls,…

Post by Morey Haber March 15, 2011
, , , , , , , , ,

4 Bad Habits to Kick for IT Security

Isn’t it amazing how easy it is to adopt bad habits? The crazy thing is that no one is immune- they plague each and every one of us. Whether we were taught incorrect practices or are just looking for shortcuts to make our lives/jobs/situations easier, each of us yields to poor patterns at some point in our lives.

Post by Peter McCalister March 15, 2011

Do You Sudo? SHOULD You Sudo?

Chances are, if your organization utilizes Unix and Linux servers, your IT staff uses sudo. After all, sudo ships free with virtually all versions and flavors of Linux and Unix and has long been a favorite tool for administrators to define what commands OS users can execute as root, without actually disclosing the root password.

Post by Peter McCalister March 14, 2011

The Yin and Yang of Security and Productivity

If, as I discussed in one of my last posts, we can’t rely on compliance standards for anything more than setting the minimum bar for establishing our security measures, we are back to having to do the difficult trade off analysis on the real impact of security on productivity versus the benefits. And while there is no simple answer on how to do that analysis, there may be a different way to frame the problem.

Post by Peter McCalister March 11, 2011

Talking Ninja Monkey Hacks Android

No, we are not talking about a new John Carpenter movie or tabloid headline, although this is the headline I would love to see. The real headline is that hackers found a way to hijack root for Google Android and injected malware into 21 applications.

Post by Peter McCalister March 10, 2011

Retina in the Cloud

We recently expanded our cloud-based security offerings with Retina Cloud, so I figured it was time to post my first blog on eEye and the cloud. eEye has been providing vulnerability scanning using a SaaS model since 2009 and today, we offer customers a variety of options with respect to vulnerability scanning from the “cloud”….

Post by Brad Hibbert March 10, 2011

What Do You Think About VEF?

Please use the “Leave a Reply” function below and tell us your comments, thoughts, and suggestions about VEF. – One person will be selected at random to win a new Amazon Kindle and $25 gift card – Deadline to be entered into the VEF contest is Friday 03/11 at noon PST. – Please note that all…

Post by The eEye Research Team March 9, 2011

What Hackers Don’t Want You To Know About User Privileges

Believe it or there are people out there that aspire to be hackers. Not just the run of the mill, crack a password or two, but a bona fide Neo who can play with your secure data like a personal version of the matrix.

Post by Peter McCalister March 9, 2011

Microsoft Patch Tuesday – March 2011

Before I get started today, I want to first point out that tomorrow’s Vulnerability Expert Forum (VEF) will be at a new time – 1PM PST. Sign up to hear what Marc Maiffret and the eEye Research team have to say about today’s security bulletins and other security related topics. For this Patch Tuesday, Microsoft…

Post by Chris Silva March 8, 2011

The Soft Costs of Identity Breaches

I’ve been a loyal customer of Wells Fargo for over a decade. For lots of good reasons. Over the long President’s Day weekend was the first time I’ve received a call from them saying that one of the vendors I’ve paid recently has had a data breach and leaked my credit card information.

Post by Peter McCalister March 8, 2011