The subject of the UC Berkeley data breach was discussed on the May 15th Security Squad podcast. The thing that struck me was that the breach itself was not the topic of conversation but rather the debate was about whether the breach was in fact newsworthy. If you are not familiar with it, 160,000 Social [...]
Deep Queue #11: Transcript: DownloadTags: DeepQueue · Podcast · security · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ Security
No, that’s not mortgage risk. Someone’s already done that and look where it got us. No,I’m talking about mortgaged risk – the act of saving time or money by accepting risk that is hard to measure but easy to hide or ignore. The risk is essentially a mortgage on your future. A hidden cost that [...]
Deep Queue #10: Transcript: DownloadTags: DeepQueue · Events · IBM · IBMIMPACT · Podcast · WebSphere MQ · WMQ Security
This episode of The Deep Queue takes its inspiration from the thousandth time I was asked how to “turn on MQ security”. Yes, that’s right, the thousandth time. At least since I’ve been counting. There were perhaps half a thousand instances before I started keeping track. Unlike being the millionth customer at the local hair [...]
Deep Queue #9: Transcript: DownloadTags: DeepQueue · Podcast · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ Security
This episode of The Deep Queue contains news about the new MSoT stand-alone WMQ Explorer SupportPac, yet another payment processor data breach, updates to some items we’ve covered in the past and breaking news about a WebSphere MQ interim fix that many people will want to take a close look at.
Deep Queue #8: Transcript: DownloadTags: DeepQueue · IBM · News · Podcast · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ FTE · WMQ Security
This installment of The Deep Queue is about improving security by reducing the number of attack vectors that are exposed. Given two systems with equivalent functionality the one with more exposed attack vectors is said to have a “larger attack surface”. As I explain in the podcast, having a smaller attack surface doesn’t automatically result [...]
Deep Queue #7: Transcript: DownloadTags: DeepQueue · News · Podcast · security · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ Security
In this episode of The Deep Queue I explain why I believe the “trusted internal network” is a myth. Many of the problems that I see on consulting assignments would have been prevented by the same security measures I recommend to protect against malicious attacks. Except the incidents in question are not usually malicious, they [...]
The Deep Queue - Episode #6: The Myth of the Trusted Internal Network [31:20m]: Play Now | Play in Popup | Download Deep Queue Episode #6 Transcript: DownloadTags: commentary · DeepQueue · Podcast · security · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ Security
In this installment we answer an email from a listener asking about channel authentication. The requirement is for a channel exit pair that exchanges credentials securely then falls back to a plaintext channel. In the second segment we talk about message types and how ignoring them opens up a vulnerability in your application. Andy Piper [...]
In this episode of The Deep Queue I propose something I’m calling “ethical administration”. Most people have heard of ethical hacking – doing what the bad guys do on behalf of and in cooperation with the good guys. Ethical administration as I have imagined it is acting like the good guys on behalf of the [...]
Tags: DeepQueue · Podcast · WMQ · WMQ Security
I just uploaded the second episode of The Deep Queue. This episode expands on my recent Mission:Messaging column and also discusses some nuances of working with FIPS compliance in WebSphere MQ. The next episode is scheduled for October 6th. Between now and then I have a large Extended Security Edition gig, a security assessment and [...]
Tags: DeepQueue · Podcast · WMQ Security
WebSphere MQ – Coming soon to an audit near you!
July 4th, 2009 No Comments
The June 29 episode of The Deep Queue is finally up! Sorry about the delay, I was on an engagement last week that had me staying over the weekend in Boston to perform a production implementation on Saturday. Although I’ve got a great recording setup at home, I’m afraid I don’t have decent equipment to [...]
Tags: Admin · Best Practices · commentary · DeepQueue · News · Podcast · security · WebSphere MQ · WMQ · WMQ Security