Call us at 507.319.5206

Botz Security Bytes Newsletter — February 2015

BOTZ SECURITY BYTES

Solving information security problems | February 2015


 

Access Control: What Most Developers Don’t Know Can Compromise Security


February 9, 2015 — Your long-time IBM i (AS/400, iSeries, IBM System i, etc.) programmers understand the details of how the system checks authority, right? I bet they don’t!

 

It’s the authority of the JOB that really matters.

 

Why am I prodding this hornet’s nest?

 

When developers rely on users having explicit authority to objects (via default authority or explicitly through their user profile or associated groups), it becomes virtually impossible for administrators to properly protect sensitive objects like the credit card file.

 

However, when the mechanisms discussed in this article are used, users can successfully run the payroll application without being able to access the payroll file directly through......

 

Read more...


 

Calculating the Real Cost of Security Projects — Part 2


Last month I discussed how to calculate the cost of a security-related project and how to compare different solutions for a given security-related project or issue.

 


There are 3 different things you need to calculate to accomplish this:

  1. Current cost of performing or managing the security-related task or tasks being addressed by the project
     
  2. Overall cost of the proposed solution or solutions
     
  3. Return on investment (ROI) for each of the proposed solutions.

 

That first post covered the first item in this list. This post covers the remaining two items......

 

Read more...
 




    

 

SSO IN A DAY

This 1-hour on-demand webinar explains how to integrate authentication across applications and environments — Windows, IBM i, Unix, Linux, Apache, WAS — using a fresh "Managed Services" approach that brings single sign-on within easy reach of nearly any organization.
Watch the webinar...

 

Top Security News

9 Common Security Awareness Mistakes (and how to Fix Them) 
Some good non-technical, security policy-level advice on how organizations can fix these common mistakes. 
Read more...
 

 

Kim Dotcom launches end-to-end encrypted voice chat ‘Skype killer’
Kim Dotcom's company is adding a new service to compete with Skype. Its differentiation is that the conversation is encrypted and decrypted at the application layer, so even if your online service provider is working with the NSA, the conversation will be private. Or so they claim. Without understanding how they have implemented the encryption and how they manage key sharing, nobody can know how well it protects against potential eavesdroppers — especially the NSA.
Read more...
 

 

VIPRE Security News
Contains a couple of decent, short articles including "6 Ways to Secure Those New Holiday Devices," "What Are Rootkits and Botnets?" and "8 Ways to Protect Your Privacy."
Read more...
 

 

Regin
Discusses new malware that has existed since at least 2008, suspected to have been created by the US gov't. How did several antivirus companies that say they've tracked it for a year or years come to the seemingly independent decision not to disclose the existence of Regin until a few months ago?
Read more...
 

BOTZ & Associates, Inc.    |    Rochester, MN 55903    |    1.507.319.5206