Call us at 507.319.5206

Botz Security Bytes Newsletter — September 2015

BOTZ SECURITY BYTES

Solving information security problems


5 Easy Ways to Break Your SSO System — And How to Fix It

September 9, 2015 — Single sign-on (SSO) implementations tend to be very stable — unless you make specific system changes without planning ahead.

 

Over the years, I’ve seen a handful of problems occur more often than any others. None of the problems are complicated or costly to fix, although they can be difficult to diagnose for those who don’t regularly deal with the intricacies of the Kerberos protocol and identity mapping.

 

Here are the top 5 causes of SSO disruption...

 


A Better Way to Define Your Own Special Authorities

We all know about special authorities, right? Defined by the IBM i operating system, they include *ALLOBJ, *AUDIT, *JOBCTL, *IOSYSCFG, *SAVSYS, *SERVICE, *SECADM and *SPLCTL.

 

A few months ago I wrote about a set of IBM i APIs and commands that allow you to define ad hoc special authorities in your programs. That post focused on the actual commands and APIs, and you might have been left thinking “Yeah, but why would I want to do it that way?”

 

There are several advantages to using “system-supported” special authorities, primarily because the operating system does a lot of the work for you and provides administrative interfaces so system administrators can assign and revoke authorities...

 

 

WHITE PAPER
In A Guide to Practical Single Sign-On, Patrick Botz explains how you can quickly reduce password costs when you approach SSO from a business perspective rather than a technology perspective.

 

 

WORTH A READ

 

Did IBM i Just Get Hacked at DEF CON?
This article describes claims made at a recent DEF CON conference related to hacking the IBM i, as well as an analysis of those claims by Carol Woodbury.

 


Biggest Apple Account Theft Ever Hits Only JailBroken iOS Devices
A quite versatile piece of malware that steals data, makes fraudulent purchases, and has some ransomware to boot, KeyRaider has stolen 225,000 Apple accounts -- but it apparently only works, or can only be installed on, "jailbroken" devices. One more reason not to tamper with the base OS on any of your systems or devices.

 


FBI: $1.2B Lost to Business Email Scams
The FBI recently sounded the alarm about the growing threat of the "CEO fraud" scam, which results in fraudulent wire transfers going to a reported 72 different countries. The scam usually starts with a phishing attack that gives the attacker access to the targeted individual's email account.

BOTZ & Associates, Inc.    |    Rochester, MN 55903    |    1.507.319.5206