Call us at 507.319.5206

Botz Security Bytes Newsletter — April 2016

BOTZ SECURITY BYTES

Solving information security problems | April 2016


 

Good News & Bad News: The New Authority Collection Feature in IBM i 7.3


April 18, 2016 — You may have heard that IBM included an interesting new security-related enhancement in the 7.3 release.

Called authority collection, it provides information intended to help security administrators minimize the amount of authority to objects granted to users on a system.

Authority collection will prove to be a useful addition to your information security management tool chest. This is the good news.

The bad news is that the new function is far from a silver bullet. Although not the fault of the function itself, I think it has the potential to propagate the mistaken notion that...



 

The Great "Security by Obscurity" Debate

“Security by obscurity” means relying on lack of knowledge of how a thing is protected as the sole means of preventing unauthorized access to that thing.

There’s been a debate going on over at the Midrange-L discussion forum about the efficacy of this approach for information security.

One person argues strongly that obscurity results in better security. I disagree...

 



 

 

TEAMSECURITY
If you're looking for ongoing CSO-level guidance at a fraction of the cost of a full-time CSO, talk with us about TeamSecurity!

 

WORTH A READ

How the FBI Hacked into San Bernardino Shooter's iPhone
Details on how the FBI may have been able to get at the encrypted information on the San Bernardino terrorist's cell phone. While I didn't know exactly how it was done, the method I described in a blog post last month is how they likely accomplished the task.



US-CERT to Windows Users: Dump Apple Quicktime
I followed this advice. For a nice timeline that strongly indicates that Apple approves, scroll to the middle of comments after the article.



9 Years Prison, $1.7 Million Fine for Malicious Insider
I think this fits the definition of a "disgruntled" employee. This IT engineer accessed his former employer's systems, deleted user accounts on servers & laptops, and deleted e-mail accounts. A reminder to remove access for all former employees and make sure they haven't created backdoor accounts.



Hacking your Phone
Very troubling. Says all smartphones are easily hackable and there's virtually nothing you can do about it. Describes different ways it can happen, and a demo.

 

BOTZ & Associates, Inc.    |    Rochester, MN 55903    |    1.507.319.5206