Passing along this article from Adam Bosnian of Cyber-Ark Software: Practical advice on avoiding the insider threat. The whole article is worth reading but one item stood out:
Best Practice #4: Secure Embedded Application Accounts
Up to 80 percent of system breaches are caused by internal users, including privileged administrators and power users, who accidentally or deliberately [...]
Entries Tagged as 'General'
Avoiding insider threat
October 5th, 2009 2 Comments
Wrapping up IMPACT 2009
May 8th, 2009 No Comments
Well, this is the last day of IMPACT. It’s always lightly attended as many folks take Friday as a travel day. I have one more session this morning though. It’s the WMQ ESE introduction. Overall the WMQ security sessions were well attended. Even the small rooms were large, compared to [...]
Tags: Conferences · Events · General · News · security · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ Security
When automatic translators go wrong…very wrong!
April 7th, 2009 No Comments
I just found a blog post about WMQ security that has, I believe, been run through an automated translation service with unintentionally hilarious results. Here’s an excerpt:
WMQ Adventurer authenticating a connexion to a queue director
For both waiter and client hallmark, the queue director demands:
The personal credential released to the queue director by it Holds [...]
Tags: Humor · WebSphere MQ · WebSphere MQ Security · WMQ Security
Mission:Messaging: Migration, failover, and scaling in a WebSphere MQ cluster
December 2nd, 2008 3 Comments
Certain aspects of service orientation are best served using an IBM® WebSphere® MQ cluster. The cluster provides the location independence, run time resolution of names, and concurrency required by SOA applications. For these reasons, adoption of SOA is driving migrations from point-to-point messaging networks to clustered environments. This article looks at how migration, failover, and [...]
Tags: Best Practices · clustering · SOA · WebSphere MQ · WMQ
Puzzled by WMQ vulnerability advisory
October 2nd, 2008 No Comments
Well, I knew this one was out there but never looked at the CVE for it – there is a memory corruption vulnerability in WebSphere MQ (CVE-2007-6044) that is network exploitable. What I can’t figure out is why the Impact and Exploitability scores are both 10. The CVE entry says:
NOTE: as of 20071116, [...]
Tags: advisory · CVE · MITRE · vuln · vulnerability · WMQ · WMQ Security
DQ #2 delayed
September 7th, 2008 No Comments
As those who follow me on Twitter already know, I was in the hospital for several days last week with a really high fever. That has pushed almost everything on my calendar back a week, including episode #2 of The Deep Queue. I tried to work on it tonight but I’m not entirely recovered yet [...]
Upcoming publications
August 22nd, 2008 No Comments
I haven’t blogged much lately because I’m on deadline for a new developerWorks Mission:Messaging column. The next installment discusses changing culture to embrace SOA and how SOA impacts WebSphere MQ prevailing practices. The premise is that migration to SOA is not just a configuration change or a development style but rather a cultural shift at [...]
Tags: developerWorks · News · Podcast
Choosing a PCI DSS Auditor? Does WMQ awareness count?
January 26th, 2009 No Comments
James DeLuccia’s post about choosing a PCI DSS QSA auditor has some good advice. I would add to his list a criterion of my own: the auditor should at least know how to spell WMQ. Or JMS. Or “message oriented middleware”. While I haven’t been involved in any PCI audits, many of my customers [...]
Tags: audit · Best Practices · commentary · PCI-DSS · security · WMQ Security