Call us at 507.319.5206

Botz Security Bytes Newsletter — February 2015



Solving information security problems                           February 2015



Access Control: What Most Developers Don’t Know Can Compromise Security

February 9, 2015 — Your long-time IBM i (AS/400, iSeries, IBM System i, etc.) programmers understand the details of how the system checks authority, right? I bet they don’t!


It’s the authority of the JOB that really matters.


Why am I prodding this hornet’s nest?


When developers rely on users having explicit authority to objects (via default authority or explicitly through their user profile or associated groups), it becomes virtually impossible for administrators to properly protect sensitive objects like the credit card file.


However, when the mechanisms discussed in this article are used, users can successfully run the payroll application without being able to access the payroll file directly through......




Calculating the Real Cost of Security Projects — Part 2

Last month I discussed how to calculate the cost of a security-related project and how to compare different solutions for a given security-related project or issue.


There are 3 different things you need to calculate to accomplish this:

  1. Current cost of performing or managing the security-related task or tasks being addressed by the project
  2. Overall cost of the proposed solution or solutions
  3. Return on investment (ROI) for each of the proposed solutions.


That first post covered the first item in this list. This post covers the remaining two items......







This 1-hour on-demand webinar explains how to integrate authentication across applications and environments — Windows, IBM i, Unix, Linux, Apache, WAS — using a fresh "Managed Services" approach that brings single sign-on within easy reach of nearly any organization.
Watch the webinar...


Top Security News

9 Common Security Awareness Mistakes (and how to Fix Them) 
Some good non-technical, security policy-level advice on how organizations can fix these common mistakes. 


Kim Dotcom launches end-to-end encrypted voice chat ‘Skype killer’
Kim Dotcom's company is adding a new service to compete with Skype. Its differentiation is that the conversation is encrypted and decrypted at the application layer so even if your online service provider is working with the NSA, the conversation will be private. Or so they claim. Without understanding how they have implemented the encryption and how they manage key sharing, nobody can know how well it protects against potential eavesdroppers — especially the NSA.


VIPRE Security News
Contains a couple of decent, short articles including "6 Ways to Secure Those New Holiday Devices," "What Are Rootkits and Botnets?" and "8 Ways to Protect Your Privacy."


Discusses new malware that has existed since at least 2008, suspected to have been created by the US government. How did several antivirus companies who say they've tracked it for a year or years come to the seemingly independent decisions not to disclose the existence of Regin until a few months ago?

BOTZ & Associates, Inc.    |    Rochester, MN 55903    |    1.507.319.5206