Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

The Duke

Least Privilege Legacy Apps and the Desktop “Wild West”: Part 1

Whenever we hear the phrase “Wild West”, the first words that come to mind are old, insecure, and vulnerable. Any old western featuring Clint Eastwood or John Wayne depicts all of these descriptions. And coincidentally “Wild West” provides the perfect analogy for the way an enterprise’s remaining legacy infrastructure interfaces with a Windows desktops environment….

Post by Peter McCalister January 25, 2011
, ,

There is No Patch For Stupidity

No, I’m not talking about a Boy or Girl Scout patch (or merit badge) now awarded for making dumb errors with information technology at work. I’m referring to the ever present vendor tech support cry of “just install the patch” whenever something goes wrong.

Post by Peter McCalister January 24, 2011

Care New England Implements Least Privilege on Desktops

Care New England, located in Providence Rhode Island is a non-for-profit healthcare system that offers a continuum of quality care, including two teaching hospitals affiliated with The Warren Alpert Medical School of Brown University, Butler and Women & Infants; a community hospital, Kent; a visiting nurse and home care/hospice agency, Care New England Home Health; and the Care New England Wellness Center. Care New England’s strengths are based on complementary programs and distinctive competencies of our partner hospitals to its partner hospitals and agencies.

Post by Peter McCalister January 21, 2011

3 Ways to Remediate Misuse of Privilege

In the event that someone in your organization does misuse privilege and causes harm (theft, damage or loss of data), you will have to immediately deal with the aftermath. In today’s security conscious enterprise, there are three level of remediation to consider:

Post by Peter McCalister January 20, 2011

I Don’t Know……Third Base?

Brian Anderson recently commented on a Wall St Journal article on The Top 50 Gawker Media Passwords. He concluded that the average user seems to either have a relaxed sense of security, a love for Abbott and Costello-like humor, or are just lazy when it comes to identity-related security. So what are smart IT security professionals to do?

Post by Peter McCalister January 19, 2011

Administrative Privileges are Behind Many, but not all Breaches

Ok – so even we admit not EVERY security breach is related to administrative privileges. We saw how horrible the passwords were of Gawker users; we know hackers exist too and there is a remaining 10% of critical Microsoft vulnerabilities that can’t be mitigated by removing admin rights. A recent reporton Virgin Media’s email recycling, which would allow a new email recipient to “retrieve a forgotten password” of the email’s previous owner could not be prevented with any measure related to administrate privileges.

Post by Peter McCalister January 18, 2011

Myth Bust: No One In My Enterprise Can Misuse Privilege

Myth Busters has become a TV phenomenon with great antics to prove or disprove commonly head “truths” as “urban legend, wife’s tale or grounded in fact-based truth. In today’s enterprise a common myth is that no one ever actually misuses the information technology (IT) privileges granted them. We thought we take a closer poke at…

Post by Peter McCalister January 17, 2011

Putting the Health Care Cart Before the Horse?

Health Information Exchanges (HIEs) are the latest buzz phrase to hit the compliance marketplace. In a recent post blogger, reported on the opinions of top IT experts, about the top Patient Health Care Information trends for 2011. Amongst a clear indication of increased breaches; imposition of fines and other regulatory action; as well as…

Post by Peter McCalister January 14, 2011

Motivation and Preparation

You probably already saw last month that a group called Gnosis hacked over 1 million rows of data from Gawker, claiming the organization had some of the worst security they could have imagined. Gnosis gained access to their database in one day and even Gawker said in an internal memo that they were largely caught…

Post by Peter McCalister January 13, 2011

Tell Us Your Patch Tuesday Story!

Please use the “Leave a Reply” function below and tell us your Patch Tuesday story for a chance to win a new Amazon Kindle and $25 gift card. Deadline to be entered into the VEF contest is Friday 1/14 at noon PST. Please note that all email/contact info will be kept private from public view,…

Post by The eEye Research Team January 12, 2011