Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.


Microsoft Patch Tuesday – February 2011

Microsoft is back at it with a fairly large release today, including 12 security bulletins which patch a total of 22 vulnerabilities. Six of the bulletins address zero-day vulnerabilities (MS11-003, MS11-004, MS11-005, MS11-006, MS11-011, and MS11-013) including two (MS11-003, MS11-006) that have public exploit code circulating. MS11-013 (Kerberos) is most likely similar to vulnerabilities that…

Post by Chris Silva February 8, 2011

Wikileaks Could be You Without Privilege Identity Management

Those that follow this blog have probably seen us write on Wikileaks before. We covered it here and eWeek invited us to cover the topic for their knowledge center here. Our message is that Wikileaks isn’t just for government or military organizations. Half of the leaked information on Wikileaks is on private organizations and Julian has suggested that corporations are next on the chopping block.

Post by Peter McCalister February 8, 2011

eEye for the Win

At the start of every year employees of eEye gather for our yearly company kick-off. We discuss what we did right in the previous year and ways that we can improve in this New Year. We talk about our product roadmap and the sales and marketing strategies for the year. We also answer the question that is probably more important than anything: “What type of company do we want to be?”

Post by Marc Maiffret February 7, 2011

An Apple (Compliance) a Day Keeps the Doctor (Auditors) Away

There’s an old wives’ tale that explains “an apple a day keeps the doctor away.” While this advice may not always be the case in the medical industry, it is absolutely accurate when it comes to the world of IT compliance. When you regularly incorporate apples (compliance) into your daily enterprise diet, the doctors (auditors) that come won’t find ailments that need to be fixed.

Post by Peter McCalister February 7, 2011
Intentional Harm

Cutting Pay? Think Least Privilege First

There was a big story in Network World about an IT staffer who sold his own company pirated software, used corporate servers for his own purposes and even downloaded credit card information.

Post by Peter McCalister February 4, 2011
eye in the sky_smaller-resized-600.jpg

Monitoring Your Change Control Processes

I have responded to a number of RFPs (Request For Proposal) in my day and recently I have seen a trend in some of the questions. While the question varies between requests, there seems to be a growing trend that users want vulnerability assessment tools to not only identify vulnerabilities, but to also track changes to…

Post by Morey Haber February 3, 2011
, , , ,

Stolen Fruit is the Sweetest (Especially for Hackers)

I’m sure you’ve heard the saying, “stolen fruit is the sweetest.” It’s a phrase that gets thrown around lightly, but it’s time to take it to heart. In a day when information and sensitive data are being stolen, manipulated, and blasted for the world to read, this is a saying we all need to look at twice. Hackers, inside security leakers, and thieves all agree: that which is stolen is the sweetest. You don’t want to find out how sweet the information in your enterprise will be to them. Steps should to be taken to secure the sensitive information and data in enterprises across the world.

Post by Peter McCalister February 3, 2011
broken chain

Least Privilege Legacy Apps and the Desktop “Wild West”: Part 4

This week we report the conclusions of our recent survey of 185 IT Administrators and Help Desk Operatives, in a report Legacy Applications and Least Privilege Access Management’ – which reveals the way legacy apps leave Windows desktop environments unnecessarily exposed to attack from malware, as well as providing an open door to insider threats.

Post by Peter McCalister February 2, 2011

Prevent Security Storms by Eliminating Admin Rights

How many times have you heard the old proverb, “after the storm comes the calm?” And how many times have you just accepted “storms” as part of life? From my point of view, these downpours aren’t actually necessary.

Post by Peter McCalister February 1, 2011

Prioritizing Vulnerability Assessment and Remediation Steps: A New Users Guide to Getting Started – Part 1

New users to vulnerability assessment often ask the same question: “How do I get started”? While this may sound incredibly generic for a security engineer, many companies have never had a vulnerability management process in place and are trying to comprehend the problems of missing patches, remediation prioritization, and risk acceptance. As a basic recommendation,…

Post by Morey Haber January 31, 2011
, , ,