Author Archives: Patrick Botz

If you didn’t read the April issue of IBM Systems Magazine, then you missed a great case study about how Arkansas Electric Cooperative Corporation (AECC) enabled single sign-on for iPad users. The beauty of it is that they simply tweaked … Continue reading

Posted in Mobile Security, Single Sign-On (SSO) | Tagged , , , , | Leave a comment

— A Developer’s Guide to Security Considerations for Modernization Projects — The number of IBM i applications that have been around for decades is truly amazing. It’s a testimony to the technology and vision IBM built into the platform. But … Continue reading

Posted in Info Security Mgmt | Tagged , , , | Leave a comment

While my kids were growing up I always told them that there was nothing more valuable than an education. As they were entering college just a couple of years ago, I was reminded that earning a graduate degree was an … Continue reading

Posted in Announcement, Info Security Mgmt | Tagged , , , | Leave a comment

— Take Steps to Protect Your Systems Until Then — The ubiquitous, hardware-related Spectre and Meltdown security flaws surprised many in the IBM i community. Who would have thought that the IBM i platform is just as susceptible to these … Continue reading

Posted in IBM i Security, Security Breach | Tagged , , , | Leave a comment

You might be scratching your head over the alphabet soup in the title. Here’s the deal. Under Requirement 8: Identify and authenticate access to system components, PCI DSS defines requirements for those accessing systems that contain cardholder data that are … Continue reading

Posted in Compliance, Single Sign-On (SSO), Two Factor Authentication | Tagged , , , , , , , | Leave a comment

Remember the Heartbleed bug of a few years ago? Once you fixed it, you thought you were in great shape, right? Well guess again. Heartbleed was just a symptom of much deeper issues with OpenSSL. Perhaps the most dangerous are … Continue reading

Posted in IBM i Security | Tagged , , | Leave a comment

Recently a customer told me that some of their users access the IBM i internally with iPads through the Safari browser talking to the Apache Web server.  Even though the Web server application is configured to accept Kerberos, the iPad … Continue reading

Posted in Password Management, Single Sign-On (SSO) | Tagged , , , | Leave a comment

February 23, 2017, Google announced they had successfully exploited a known vulnerability in the widely-used SHA-1 hash algorithm. This is important because hash algorithms are used to create digital signatures.

Posted in Announcement, Information Security, Security Breach | Tagged , , , | Leave a comment

Recently, I was talking to a system administrator who said “We’re moving to the cloud. They’ll be responsible for security.” I was a bit startled to hear this. Not because of the first sentence; because of the second.

Posted in Cloud Security, Info Security Mgmt | Tagged , , , , , | Leave a comment

Back in the ‘80s, President Reagan said of a missile treaty with the Soviet Union, “Trust, but Verify.” That phrase is very apt for information security too; especially as it relates to securing data on your internal systems.

Posted in IBM i Security, Info Security Mgmt, User Authority | Tagged , , , , | Leave a comment