BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
Team

Password Rotation, Phishing and Authentication Limitations, Oh My!

Posted January 26, 2011    Peter McCalister

As we have pointed out in several recent blog posts, getting users to choose effective passwords is hard. This is particularly important to us at BeyondTrust since for our PIM solutions to function correctly we need to accurately authenticate a user to know what access privileges to grant them While new technologies for user authentication are on the way, they aren’t here just yet.

Categories:
General
img-mobile

Referential Integrity When Performing a Vulnerability Assessment

Posted January 25, 2011    Morey Haber

James Thurber wrote back in 1959, “When all things are equal, translucence in writing is more effective than transparency, just as glow is more revealing than glare.” The critical aspect of his statement is based on equality. When using multiple distributed applications, regardless of technology, having the same version on all the systems is sometimes…

Categories:
Vulnerability Management
Tags:
, ,
The Duke

Least Privilege Legacy Apps and the Desktop “Wild West”: Part 1

Posted January 25, 2011    Peter McCalister

Whenever we hear the phrase “Wild West”, the first words that come to mind are old, insecure, and vulnerable. Any old western featuring Clint Eastwood or John Wayne depicts all of these descriptions. And coincidentally “Wild West” provides the perfect analogy for the way an enterprise’s remaining legacy infrastructure interfaces with a Windows desktops environment….

Categories:
Privileged Account Management
Tags:
, ,
vista-patch-bandaid-sp1

There is No Patch For Stupidity

Posted January 24, 2011    Peter McCalister

No, I’m not talking about a Boy or Girl Scout patch (or merit badge) now awarded for making dumb errors with information technology at work. I’m referring to the ever present vendor tech support cry of “just install the patch” whenever something goes wrong.

Categories:
General, Security Research
PBSE

Care New England Implements Least Privilege on Desktops

Posted January 21, 2011    Peter McCalister

Care New England, located in Providence Rhode Island is a non-for-profit healthcare system that offers a continuum of quality care, including two teaching hospitals affiliated with The Warren Alpert Medical School of Brown University, Butler and Women & Infants; a community hospital, Kent; a visiting nurse and home care/hospice agency, Care New England Home Health; and the Care New England Wellness Center. Care New England’s strengths are based on complementary programs and distinctive competencies of our partner hospitals to its partner hospitals and agencies.

Categories:
Privileged Account Management
videolan

VideoLAN VLC Media Player CDG Decoder Module Array Indexing Vulnerabilities

Disclosed January 21, 2011    No Patch Available
Vendors: VideoLAN
Vulnerability Severity: High
Exploit Impact:
Exploit Availability:
Categories:
Zeroday Tracker
opera

Opera Browser “select” Element Children Integer Truncation Vulnerability

Disclosed January 21, 2011    Fully Patched
Vendors: Opera Software
Vulnerability Severity: High
Exploit Impact:
Exploit Availability:
Categories:
Zeroday Tracker
pillars

3 Ways to Remediate Misuse of Privilege

Posted January 20, 2011    Peter McCalister

In the event that someone in your organization does misuse privilege and causes harm (theft, damage or loss of data), you will have to immediately deal with the aftermath. In today’s security conscious enterprise, there are three level of remediation to consider:

Categories:
Privileged Account Management
shoe

I Don’t Know……Third Base?

Posted January 19, 2011    Peter McCalister

Brian Anderson recently commented on a Wall St Journal article on The Top 50 Gawker Media Passwords. He concluded that the average user seems to either have a relaxed sense of security, a love for Abbott and Costello-like humor, or are just lazy when it comes to identity-related security. So what are smart IT security professionals to do?

Categories:
General
Lockdown

Administrative Privileges are Behind Many, but not all Breaches

Posted January 18, 2011    Peter McCalister

Ok – so even we admit not EVERY security breach is related to administrative privileges. We saw how horrible the passwords were of Gawker users; we know hackers exist too and there is a remaining 10% of critical Microsoft vulnerabilities that can’t be mitigated by removing admin rights. A recent reporton Virgin Media’s email recycling, which would allow a new email recipient to “retrieve a forgotten password” of the email’s previous owner could not be prevented with any measure related to administrate privileges.

Categories:
Privileged Account Management