least privilege

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. SynJunkie reminds us that it is best not to run as admin all the time and then offers some tips on how to elevate our privileges when we need to.
    Syn: Part-time Superman
    Tags: ( windows least-privilege )
  2. Mike Rothman has penned an article for fudsec that you owe it to yourself to go read. He calls out some fud and then gives us some actionable advice. Good stuff and, yes, I said "actionable." I'm sorry, it's the manager in me sneaking out 🙂
    Guerilla Security Leadership - fudsec.com
    Tags: ( general )
  3. The A6 (Automated Audit, Assertion, Assessment, and Assurance API) Working Group held their kick-off call recently. The recording is available.
    Recording & Playback of WebEx A6 Working Group Kick-Off Call from 1/8/2010 Available | Rational Survivability
    Tags: ( cloud a6 )
  4. Mark points out that bad things can happen if somebody who shouldn't be able to has the ability to delete computers in an Active Directory domain. Good thing he shows us how to fix it too.
    Gone in 60 Seconds
    Tags: ( active-directory )
  5. Didier gives a video tutorial on using the Adobe Reader JavaScript Blacklist Framework. Pretty nifty stuff.
    Adobe Reader JavaScript Blacklist Framework « Didier Stevens
    Tags: ( )
  6. Anton points out that PCI has components that are not just point-in-time issues, i.e. there are ongoing compliance checks and requirements.
    Anton Chuvakin Blog - "Security Warrior": How to Stay Compliant? or Ongoing Tasks in PCI DSS
    Tags: ( pci )
  7. Securosis has started a new feature called FireStarter. They will be tossing ideas out for the community to chew on. First up - Risk Management. Go check it out and offer up some FIRE!
    Securosis Blog | FireStarter: The Grand Unified Theory of Risk Management
    Tags: ( risk-management )

That's it for today. Have fun!
