
Botz Security Bytes Newsletter — June 2017



Solving information security problems | June 2017


SSO Saves the Day for PCI MFA


June 26, 2017 — You might be scratching your head over the alphabet soup in the title.


Here's the scoop.


The PCI Security Standards Council just expanded Requirement 8.3 into two sub-requirements, 8.3.1 and 8.3.2. These require multi-factor authentication (MFA) for all non-console administrative access to the CDE (8.3.1) and multi-factor authentication for all remote access to the CDE (8.3.2).


Bad news: There's no way to implement MFA — as recommended by PCI guidance — on IBM i!


Good news: Single sign-on, when implemented using Kerberos as with our SSO stat! service, can save the day!




Beyond Heartbleed: Why OpenSSL is Still “The Most Dangerous Code in the World”

Remember the Heartbleed bug of a few years ago? Once you fixed it, you thought you were in great shape, right?


Well guess again.


Heartbleed was just a symptom of much deeper issues with OpenSSL.


Perhaps the most dangerous are serious flaws in the design and implementation of the API set that can, among other things, return false positives when validating certificates!


A recent project reminded me that far too many organizations that depend on OpenSSL are still not doing what they need to do to protect themselves.


So, what can you do? ...



In A Guide to Practical Single Sign-On, Patrick Botz explains how you can gain management buy-in to make your users happy and quickly reduce support costs when you evaluate SSO from a business perspective.
Download it here.





OneLogin: Breach Exposed Ability to Decrypt Data
Wow! Especially this quote: "Gartner financial fraud analyst Avivah Litan said she has long discouraged companies from using cloud-based SSO services, arguing that they are the digital equivalent to an organization putting all of its eggs in one basket."


KPMG: Cybersecurity Has Reached a ‘Tipping Point’ from Tech to CEO Business Issue
Says that 76% of CEOs see investing in cybersecurity as an "opportunity to innovate and drive new revenue streams." Yet 44% of CEOs say they will not increase their cybersecurity investment. What? This article posits reasons for the disconnect.


Consumer Businesses Have False Confidence in their Security: Deloitte
Who knew? (Pardon the sarcasm.) While 76% of execs are highly confident that they can respond to a cybersecurity incident, 82% have not documented or tested their incident response plans within the past year!


NSA Brute-Force Keysearch Machine
"WindsorGreen" is being built for the NSA with the help of New York University and IBM. Replaces "WindsorBlue" and is said to be very good at compromising encryption and passwords. Hopefully, they use it only against foreign nations and non-US citizens.


BOTZ & Associates, Inc.    |    Rochester, MN 55903    |    1.507.319.5206