Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.


Does Compliance = Security?

Posted February 15, 2011    Peter McCalister

Since it’s hard to analyze the tradeoffs between security and productivity, IT organizations can fall back on gut feel, rules of thumb and past practices in making these decisions. The easiest answer is frequently to just follow the rules and regulations so you remain in compliance with industry regulations or current policies. As a result, compliance becomes a substitute for security. But are they really equal? Does being in compliance mean you have a secure IT environment?

Security Research
eye in the sky_smaller-resized-600.jpg

Top VM Reports for Daily Security

Posted February 15, 2011    Morey Haber

Like most security professionals I subscribe to a plethora of email lists from Dark Reading to Threat Post.  Every day I receive their news and review the titles in their daily summary emails and drill into a few that may catch my eye.  The thing I like about this approach is that I receive a…

Vulnerability Management
, ,

Oracle 10/11g exp.exe – param file Local Buffer Overflow

Disclosed February 15, 2011    Fully Patched
Vendors: Oracle
Vulnerability Severity: Medium
Exploit Impact:
Exploit Availability:
Zeroday Tracker
ipad pic

Visit BeyondTrust Booth at RSA 2011 and Win an iPad

Posted February 14, 2011    Peter McCalister

If you are going to San Francisco for RSA this week (with or without a flower in your hair), then you should stop by the BeyondTrust booth #945 and check out the latest greatest privilege identity management solutions to eliminate admin rights across desktop, server and network devices as well as virtual and cloud environments.


Microsoft Windows Server 2003 AD Pre-Auth Browser Election Remote Heap Overflow

Disclosed February 14, 2011    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Zeroday Tracker

Rock the Cradle of Root Access Gently

Posted February 11, 2011    Peter McCalister

The hand that rocks the cradle rules the world. This is an absolute truth. Although originally referring to motherhood, there is an especially poignant application from an enterprise point of view. As long as the hand (your IT manager with root access) handles that cradle gently (your server and the sensitive information therein), your world will remain a secure place.

monster under bed

Scary Night Dragons Fall from Sky

Posted February 10, 2011    Marc Maiffret

Reading the headlines today one could not help but notice the latest installment of “scary Chinese hacker press” making the headlines. And who can blame the news media for latching on to this story as it has all the right ingredients: foreign governments targeting U.S. interests, catchy nicknames like Night Dragon, connections to a previous scary threat “Operation Aurora” and a timely announcement leading up to one of the security industry’s biggest conferences in San Francisco next week, RSA. Wait, what?

Vulnerability Management

Black Swans and Tough Trade-offs For Privilege Identity Management

Posted February 10, 2011    Peter McCalister

Recently we talked about the difficult trade-off between security and productivity in regard to designing effective password policies. Managing these difficult exchanges is a major challenge for many IT decision makers. Security is time consuming and complicated, which almost always means extra work for someone. So IT must decide: is reduced security risk worth the extra work?

Privileged Account Management
guy laptop

Add an Identity Management Stitch to Your Enterprise and Save Nine

Posted February 9, 2011    Peter McCalister

I have a friend who, at any given moment, can recount any of the old wives tales he grew up hearing. Most of them I just roll my eyes at, but every now and then there’s a little gem that makes life a little easier. Take “a stitch in time saves nine.” That’s legitimate advice. The concept of taking certain actions before a large-scale problem evolves transcends all aspects of the human existence, and even spreads to the security of your enterprise. One particularly useful stitch comes in the form of preventing the misuse of privileges within the walls of your company.


Microsoft Patch Tuesday – February 2011

Posted February 8, 2011    Chris Silva

Microsoft is back at it with a fairly large release today, including 12 security bulletins which patch a total of 22 vulnerabilities. Six of the bulletins address zero-day vulnerabilities (MS11-003, MS11-004, MS11-005, MS11-006, MS11-011, and MS11-013) including two (MS11-003, MS11-006) that have public exploit code circulating. MS11-013 (Kerberos) is most likely similar to vulnerabilities that…

Security Research