The link I gave out earlier http://bit.ly/WMQSecurityLab is actually a good link, the problem was that after uploading the files, I neglected to update the index page to point to them. That’s been fixed now and the session materials have been posted. Feel free to give out the short link above or from this page, [...]
Entries Tagged as 'General'
Avoiding insider threat
October 5th, 2009 2 Comments
Passing along this article from Adam Bosnian of Cyber-Ark Software: Practical advice on avoiding the insider threat. The whole article is worth reading but one item stood out: Best Practice #4: Secure Embedded Application Accounts Up to 80 percent of system breaches are caused by internal users, including privileged administrators and power users, who accidentally [...]
Tags:
Wrapping up IMPACT 2009
May 8th, 2009 No Comments
Well, this is the last day of IMPACT. It’s always lightly attended as many folks take Friday as a travel day. I have one more session this morning though. It’s the WMQ ESE introduction. Overall the WMQ security sessions were well attended. Even the small rooms were large, compared to past conferences, so my feeling [...]
Tags: Conferences · Events · General · News · security · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ Security
When automatic translators go wrong…very wrong!
April 7th, 2009 No Comments
I just found a blog post about WMQ security that has, I believe, been run through an automated translation service with unintentionally hilarious results. Here’s an excerpt: WMQ Adventurer authenticating a connexion to a queue director For both waiter and client hallmark, the queue director demands: The personal credential released to the queue director by [...]
Tags: Humor · WebSphere MQ · WebSphere MQ Security · WMQ Security
Mission:Messaging: Migration, failover, and scaling in a WebSphere MQ cluster
December 2nd, 2008 3 Comments
Certain aspects of service orientation are best served using an IBM® WebSphere® MQ cluster. The cluster provides the location independence, run time resolution of names, and concurrency required by SOA applications. For these reasons, adoption of SOA is driving migrations from point-to-point messaging networks to clustered environments. This article looks at how migration, failover, and [...]
Tags: Best Practices · clustering · SOA · WebSphere MQ · WMQ
Puzzled by WMQ vulnerability advisory
October 2nd, 2008 No Comments
Well, I knew this one was out there but never looked at the CVE for it – there is a memory corruption vulnerability in the WebSphere MQ ( CVE-2007-6044) that is network exploitable. What I can’t figure out is why the Impact and Exploitability scores are both 10. The CVE entry says: NOTE: as of [...]
Tags: advisory · CVE · MITRE · vuln · vulnerability · WMQ · WMQ Security
DQ #2 delayed
September 7th, 2008 No Comments
As those who follow me on Twitter already know, I was in the hospital for several days last week with a really high fever. That has pushed almost everything on my calendar back a week, including episode #2 of The Deep Queue. I tried to work on it tonight but I’m not entirely recovered yet [...]
Upcoming publications
August 22nd, 2008 No Comments
I haven’t blogged much lately because I’m on deadline for a new developerWorks Mission:Messaging column. The next installment discusses changing culture to embrace SOA and how SOA impacts WebSphere MQ prevailing practices. The premise is that migration to SOA is not just a configuration change or a development style but rather a cultural shift at [...]
Tags: developerWorks · News · Podcast
Choosing a PCI DSS Auditor? Does WMQ awareness count?
January 26th, 2009 No Comments
James DeLuccia’s post about choosing a PCI DSS QSA auditor has some good advice. I would add to his list a criteria one of my own: the auditor should at least know how to spell WMQ. Or JMS. Or “message oriented middleware”. While I haven’t been involved in any PCI audits, many of my customers [...]
Tags: audit · Best Practices · commentary · PCI-DSS · security · WMQ Security