BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Talking Ninja Monkey Hacks Android

Posted March 10, 2011    Peter McCalister

No, we are not talking about a new John Carpenter movie or tabloid headline, although this is the headline I would love to see.  The real headline is that hackers found a way to hijack root for Google Android and injected malware into 21 applications.

The headline used by WSJ.com on Mar 8 was “Google Takes Heat Over App Security.” and reported that “The company behind the now ubiquitous Android operating system came under fire after computer-security experts last week uncovered more than 50 malicious applications that were uploaded to and distributed from Google’s Android Market.”  We have warned companies frequently in this blog about the dangers of root access and how it can be used for indirect misuse of privilegeby malware.  In fact, this is not the first time that Google experienced this type of intrusion as was reported back in October, 2010.

But I think Andrian Kingsley-Hughes over at ZDNet cuts to the heart of the matter by saying “To many of its fans, the openness and freedoms offered by the Android mobile operating systems is one of its main selling points. But that openness come with a price – it makes it easy for nefarious types to sneak malware into apps. And that’s exactly what they are doing.”

I also think the subject of “freeware” vs “licensed software” has a direct effect in the server market with the ubiquitous use of sudo.  I can only hope that at some point IT professionals will wake up to the value of implementing a licensed privilege identity management solution across desktops, servers, virtual and cloud environments in order to eliminate the misuse of privilege.

Now if only the hacker who pulled off this feat with Android had the handle @TalkingNinjaMonkey then this story would be complete and we’d have the perfect headline…at least until every company implements a least privilege solution and eliminates root and admin access across the extended enterprise.

Leave a Reply

Additional articles

gartner market guide image - aug 2014

Introducing the Gartner Market Guide for Privileged Account Management

Posted July 29, 2014    Chris Burd

Gartner recently released a new Market Guide for Privileged Account Management (PAM), and we’d like to share a complimentary copy with you. The report includes PAM market analysis and direction, vendor overviews, and recommendations for selecting PAM solutions for your environment. BeyondTrust is one of two representative vendors (out of 20) to address all solution…

Tags:
, , , , , , , ,
Integrating Least Privilege and Password Management to Solve Account Security Challenges

Integrating Least Privilege and Password Management to Solve Account Security Challenges

Posted July 24, 2014    Morey Haber

There is a reason all BeyondTrust Privileged Account Management (PAM) solutions share the PowerBroker name: They all inherently enable you to reduce user-based risk and can be integrated under a centralized IT risk management platform. Here’s one common use case that demonstrates how this integration changes the playing field. Consider the challenge of privileged access:…

Tags:
, , , , ,
PowerBroker Password Safe Password Age Report

Reshaping Privileged Password Management with Password Safe 5.2

Posted July 21, 2014    Martin Cannard

Today, we’re pleased to unveil the latest edition of our privileged password management solution, PowerBroker Password Safe. I’ll start with a brief intro of what’s new and then tell you a little about the driving factors behind Password Safe development. New features for mitigating password risk and ensuring accountability enterprise-wide Here’s the 10,000-foot overview of…

Tags:
, , ,