Author Archives: Patrick Botz
OR… How to Recognize the Threat in the Seedling
You regularly read news of security breaches, right? So why are all these businesses – large and small – getting hacked, cracked, and/or extorted by ransomware?
At the end of April, the Payment Card Industry (PCI) Security Standards Council released version 3.2 of the PCI Data Security Standard (DSS). A couple changes are noteworthy, even though most were incremental or for clarification purposes.
You may have heard that IBM included an interesting new security-related enhancement in the V7.3 release. Called authority collection, it provides information intended to help security administrators minimize the amount of authority to objects granted to users on a system.
Verizon’s “Data breach digest. Scenarios from the field.” document includes a description of a successful attack on a water utility running on an “AS/400” (a.k.a. IBM i). It describes how a suspected Syrian “hacktivist” group broke into an IBM i …
Lately I’ve found myself wondering… does the FBI really need Apple’s help to decrypt a bad guy’s iPhone? Something seems fishy about the dust-up between the FBI and Apple over the encrypted iPhone previously used by one of the …
I recently had the opportunity to help a customer implement a web services interface that relied on SAML for authentication. Doing so provided a couple of insights that I found interesting.
Posted in Authentication
Tagged authentication, cloud security, Enterprise Identity Mapping, saml, Single Signon, sso
We’ve been hearing about Windows Server 2016 for a while now. It’s time to see what Microsoft is doing with respect to Active Directory Domain Services (AD DS) and authentication enhancements.
Posted in Announcement, Single Sign-On (SSO)
Tagged active directory, authentication, single sign on, sso
Recently I described a process that I use with customers to help them make decisions about where to spend their money allocated to information security. That post explained how to identify projects, but it didn’t address how to prioritize those …
Single sign-on (SSO) implementations tend to be very stable — unless you make specific system changes without planning ahead. Over the years, I’ve seen a handful of problems occur more often than any others. None of the problems are complicated or …
We all know about special authorities, right? Defined by the IBM i operating system, they include *ALLOBJ, *AUDIT, *JOBCTL, *IOSYSCFG, *SAVSYS, *SERVICE, *SECADM and *SPLCTL. A few months ago I wrote about a set of IBM i APIs and commands …
Posted in IBM i Security
Tagged AS/400, IBM i Security, IBMi, job authority, special authorities