Category Archives: General

If it doesn’t fit somewhere else…

Encrypting passwords in config files – secure or not?

Posted on October 24, 2011 by T.Rob

Not long ago a colleague told me he wished that he could use a .kdb format keystore for his Java applications.  When I inquired as to why, he said he liked that the .kdb includes the ability to stash an … Continue reading

Posted in General, WMQ Security | 2 Comments

Posted WMQ v7.1 “What’s New” presentation

Posted on October 11, 2011 by T.Rob

The much-awaited “What’s New in WMQ v7.1″ session has been surrounded by technical issues.  On the first day of the conference it was completely omitted from the agenda.  The repeat is listed on the agenda with the wrong title.  Today … Continue reading

Posted in General | Leave a comment

WSTC 2011 WMQ/WMB presentations

Posted on October 6, 2011 by T.Rob

The WebSphere MQ and WebSphere Message Broker presentations scheduled for the 2011 WebSphere Technical Conference in Berlin next week are listed after the break. When I’m not presenting or meeting you can probably find me in one of the security-related … Continue reading

Posted in Events, General | Leave a comment

Lab materials actually posted this time!

Posted on May 5, 2010 by T.Rob

The link I gave out earlier http://bit.ly/WMQSecurityLab is actually a good link, the problem was that after uploading the files, I neglected to update the index page to point to them.  That’s been fixed now and the session materials have … Continue reading

Posted in General | Leave a comment

Avoiding insider threat

Posted on October 5, 2009 by T.Rob

Passing along this article from Adam Bosnian of Cyber-Ark Software: Practical advice on avoiding the insider threat.  The whole article is worth reading but one item stood out: Best Practice #4: Secure Embedded Application Accounts Up to 80 percent of … Continue reading

Posted in General | 2 Comments

Wrapping up IMPACT 2009

Posted on May 8, 2009 by T.Rob

Well, this is the last day of IMPACT. It’s always lightly attended as many folks take Friday as a travel day. I have one more session this morning though. It’s the WMQ ESE introduction. Overall the WMQ security sessions were … Continue reading

Posted in Events, General, News, WMQ | Tagged , , , , , , , , | Leave a comment

When automatic translators go wrong…very wrong!

Posted on April 7, 2009 by T.Rob

I just found a blog post about WMQ security that has, I believe, been run through an automated translation service with unintentionally hilarious results.   Here’s an excerpt: WMQ Adventurer authenticating a connexion to a queue director For both waiter and … Continue reading

Posted in General, Humor, WMQ, WMQ Security | Tagged , , , | Leave a comment

Choosing a PCI DSS Auditor? Does WMQ awareness count?

Posted on January 26, 2009 by T.Rob

James DeLuccia’s post about choosing a PCI DSS QSA auditor has some good advice.  I would add to his list a criteria one of my own: the auditor should at least know how to spell WMQ.  Or JMS.  Or “message … Continue reading

Posted in General, News, WMQ Security | Tagged , , , , , | Leave a comment

Mission:Messaging: Migration, failover, and scaling in a WebSphere MQ cluster

Posted on December 2, 2008 by T.Rob

Certain aspects of service orientation are best served using an IBM® WebSphere® MQ cluster. The cluster provides the location independence, run time resolution of names, and concurrency required by SOA applications. For these reasons, adoption of SOA is driving migrations … Continue reading

Posted in General, Publications, WMQ | Tagged , , , , | 5 Comments

Puzzled by WMQ vulnerability advisory

Posted on October 2, 2008 by T.Rob

Well, I knew this one was out there but never looked at the CVE for it – there is a memory corruption vulnerability in the WebSphere MQ ( CVE-2007-6044) that is network exploitable.  What I can’t figure out is why … Continue reading

Posted in General, WMQ, WMQ Security | Tagged , , , , , , | Leave a comment