Contents tagged with Security
-
Secret Server 4.1 goes live!
The team thinks it should be 5.0 since the new features were pretty huge! :) The full release notes are here. The new version includes role-based security, which allows you to slice and dice the access to various features across your organization. We also have a new feature that allows you to automatically launch Remote Desktop from a secret, which is very convenient.
-
Bad password requirements
This morning I signed up with a major credit card company website. Much to my surprise I was greeted with this requirement while choosing a password:
-
Symmetric Salting - remember that salt goes with more than just hash
If you understand hashing and salting then skip the next paragraph.
-
Shipping Software ... Secret Server 3.1 Sneak Peek
Shipping software is one of the most exciting times for a development team but this new release is easily the most anticipated version of Secret Server to date by our customers. Secret Server 3.1 will feature the two most requested features from customers who visited our booth at TechEd in June 2007: full Active Directory synchronization along with remote password changing. I am very proud of our team being able to take both of these features from whiteboard to release in about 7 weeks.
-
Kevin Jones is now an ASP.NET MVP!
Our own Kevin Jones has been awarded MVP for ASP.NET by Microsoft. This award recognizes his excellence in technical skills and his contributions to the community in spreading best practices in software development.
-
Secret Server 1.1 makes the Daily Grind
Mike Gunderloy, one of our early adopters, has added our Secret Server 1.1 release to the Daily Grind today! This is a huge compliment from a guru in tools, development and the developer community. Thanks Mike!
-
Feeling your users' pain (and release notes for Secret Server 1.1)
It is a wonderful feeling to ship software - it has been a long hard slog to get this round of features complete, especially while juggling our developers across various projects and client work. This is also a welcome release as we get to use all the new features in our own company Secret Server instance.
-
Secret Server 1.1 is out ... go and get it!
I haven't blogged in a few weeks but I have a few good reasons: client projects with tight deadlines, the final push for our second big release of Thycotic Secret Server and also holding back on the irresistible urge to talk about features that aren't released yet (not much of a marketing person, huh?). We have listened to feedback and added several features as requested by users. One of the biggest new features is support for Microsoft Access, which means that you DO NOT have to use Microsoft SQL Server to use Thycotic Secret Server anymore! We also have a new built-in import tool that accepts CSV format so you can easily import your AnyPassword or KeePass secrets to try it out with no risk.
-
Keep the numbers meaningful in Security Reviews
I just came across this post (older) by Robert Hurlbut titled "DREAD is dead" and it reminded me of our experiences with these same ratings today. We are in the middle of a Security Review for a client and have been working through our threat model to assess the risk associated with each item. DREAD is a technique for assessing such risk using the factors: Damage potential, Reproducibility, Exploitability, Affected users and Discoverability. As Robert mentions, the idea is to rate the threat on each of these factors using a scale from 1 to 10. Then add up all the numbers for each threat (average it if you wish) and you can list the threats in DREAD priority.