Call us at 507.319.5206

Botz Security Bytes Newsletter — January 2017



Solving information security problems | January 2017


The Best of Botz Security Bytes 2016


January 12, 2017 — I thought it would be interesting to take a quick look at the most popular Security Bytes posts from 2016 as my first post of 2017. And it was!


This summary includes links to the Top 5 of 2016, plus the most popular post in 2016 from a previous year AND our 2 most popular posts of all time.


Did you catch all of these the first time around?


Drum roll please.....





FAQ:  Single Sign On & SSO stat!



In evaluating our most-read posts from 2016, I was somewhat surprised to see how many single sign on-related articles appeared on the list. Plus an SSO Q&A log from a webcast we did back in 2014 continues to rank in our most-read posts.


It's true that SSO often uses technologies that are not within the typical IBM i pro's skillset, such as Kerberos and Enterprise Identity Mapping. And you have to know if your applications support single sign on.


In any event, this inspired me to create a living FAQ that will be updated regularly for SSO and our managed SSO service, SSO stat! In this initial cut we cover things such as: 


  • Does single sign-on work with web server applications?
  • Is HA role swap possible with SSO?
  • Do we need special software?
  • Can SSO be achieved between Java Web applications?








In A Guide to Practical Single Sign-On, Patrick Botz explains how you can quickly reduce password costs when you approach SSO from a business perspective rather than a technology perspective.




Ransomware Rising On The Plant Floor
Did anyone think that ransomware would only be targeted at health care organizations? Think about what would happen if your power company was successfully attacked by ransomware...


The Sorry State Of Cybersecurity Awareness Training
Subtitle: "Rules aren't really rules if breaking them has no consequences."
Amen to this! One of the messages that doesn't get publicized much anymore. It's not technology that fails in most successful attacks; it's people!


Extortionists Wipe Thousands of Databases, Victims Who Pay Up Get Stiffed
So much of this is just plain unacceptable. First, developers and admins who use Internet-facing MongoDB databases should be informed by this time about the ease of misconfiguring MongoDB. Second, of course the bad guys ARE paying attention — and taking advantage of the situation. Third, many who pay the ransom are unable to retrieve their data anyway!


Permission to Simplify
Security doesn't have to be complicated to be effective. In fact, complexity more often reduces effectiveness!

BOTZ & Associates, Inc.    |    Rochester, MN 55903    |    1.507.319.5206