
Botz Security Bytes Newsletter

BOTZ SECURITY BYTES
Solving information security problems
June 2017

 


SSO Saves the Day for PCI MFA

June 26, 2017 — You might be scratching your head over the alphabet soup in the title.

Here's the scoop.

The PCI Security Standards Council just expanded Requirement 8.3 into two sub-requirements, 8.3.1 and 8.3.2. These require multi-factor authentication (MFA) for all non-console administrative access to the cardholder data environment (CDE) (8.3.1) and MFA for all remote access to the CDE (8.3.2).

Bad news: There's no way to implement MFA — as recommended by PCI guidance — on IBM i!

Good news: Single sign-on, when implemented using Kerberos as with our SSO stat! service, can save the day!

Read more...




 

Beyond Heartbleed: Why OpenSSL is Still "The Most Dangerous Code in the World"

Remember the Heartbleed bug of a few years ago? Once you fixed it, you thought you were in great shape, right?

Well, guess again.

Heartbleed was just a symptom of much deeper issues with OpenSSL.

Perhaps the most dangerous are serious flaws in the design and implementation of the API set that can, among other things, return false positives when validating certificates!

A recent project reminded me that far too many organizations that depend on OpenSSL are still not doing what they need to do to protect themselves.

So, what can you do?

Read more...


 

 

 

 


 

WHITE PAPER

In A Guide to Practical Single Sign-On, Patrick Botz explains how you can gain management buy-in to make your users happy and quickly reduce support costs when you evaluate SSO from a business perspective.
Download it here...

 

 

WORTH A READ

OneLogin: Breach Exposed Ability to Decrypt Data
Wow! Especially this quote: "Gartner financial fraud analyst Avivah Litan said she has long discouraged companies from using cloud-based SSO services, arguing that they are the digital equivalent to an organization putting all of its eggs in one basket."
Read more...

KPMG: Cybersecurity Has Reached a 'Tipping Point' from Tech to CEO Business Issue
The report says that 76% of CEOs see investing in cybersecurity as an "opportunity to innovate and drive new revenue streams." Yet 44% of CEOs say they will not increase their cybersecurity investment. What? This article posits reasons for the disconnect.
Read more...

Consumer Businesses Have False Confidence in their Security: Deloitte
Who knew? (Pardon the sarcasm.) While 76% of execs are highly confident that they can respond to a cybersecurity incident, 82% have not documented or tested their incident response plans within the past year!
Read more...

NSA Brute-Force Keysearch Machine
"WindsorGreen" is being built for the NSA with the help of New York University and IBM. It replaces "WindsorBlue" and is said to be very good at compromising encryption and passwords. Hopefully, they use it only against foreign nations and non-US citizens.
Read more...

 

BOTZ & Associates, Inc.    |    Rochester, MN 55903    |    1.507.319.5206