Store and Forward

A blog about securing and using WebSphere MQ


Entries from January 26th, 2009

Choosing a PCI DSS Auditor? Does WMQ awareness count?

January 26th, 2009 No Comments

James DeLuccia’s post about choosing a PCI DSS QSA auditor has some good advice.  I would add to his list a criterion of my own: the auditor should at least know how to spell WMQ.  Or JMS.  Or “message oriented middleware”.  While I haven’t been involved in any PCI audits, many of my customers [...]


Must-read article – Secure Software: ‘See No Evil’ is Not a Strategy

January 23rd, 2009 No Comments

Given that software currently enables or imperils most aspects of our buying, selling, and communicating, it is time that responsible people acknowledge that this is a massive problem, and stop looking in the opposite direction. “See No Evil” is not a strategy. [Read the full article on Network World.] Nice to see this sentiment showing [...]


developerWorks live chat on WMQ

January 15th, 2009 No Comments

developerWorks is hosting a live text chat at Noon Eastern US time on January 22nd on the topic of WMQ Best Practices.  The panel will include some folks from the WebSphere MQ online community that you may know: Chris Frank, Peter Potkay and myself.  If you have any questions about WebSphere MQ that you haven’t [...]


Whoops! Podcast audio restored.

January 14th, 2009 No Comments

Hmmm…maybe I need to take Andy Piper’s advice and switch my WordPress plugins.  Sure, I’ll blame it on PodPress – as if! Well, some of you may have noticed that Episode #6 of The Deep Queue was a PDF, depending on where you subscribed.  I recently added a transcript of the show at the request [...]


Signed C&C messages? What a novel idea!

January 8th, 2009 No Comments

I’ve been saying for a while now that Command and Control messages need to be signed.  It’s a question of authentication.  When you pass a message to perform an administrative action, what assurance do you have that the message got to the destination unchanged?  For example, if the message contains credentials such as a user ID, [...]


The Deep Queue – Episode #6: The Myth of the Trusted Internal Network

January 1st, 2009 1 Comment

In this episode of The Deep Queue I explain why I believe the “trusted internal network” is a myth.  Many of the problems that I see on consulting assignments would have been prevented by the same security measures I recommend to protect against malicious attacks.  Except the incidents in question are not usually malicious, they [...]
