The IBM Internet Security Systems XForce team recently announced a buffer overflow vulnerability in WebSphere MQ client channels. According to the release, the vulnerability includes the possibility of remotely executing arbitrary code or “causing the application to crash.” It is not clear whether “application” in this case refers to the channel agent, channel pooling process [...]
Entries Tagged as 'News'
New WMQ Channel vulnerability and interim fix announced
June 5th, 2009 No Comments
Tags: News · security · WebSphere MQ · WMQ · WMQ Security
Wrapping up IMPACT 2009
May 8th, 2009 No Comments
Well, this is the last day of IMPACT. It’s always lightly attended as many folks take Friday as a travel day. I have one more session this morning though. It’s the WMQ ESE introduction. Overall the WMQ security sessions were well attended. Even the small rooms were large, compared to past conferences, so my feeling [...]
Tags: Conferences · Events · General · News · security · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ Security
Schedule for IMPACT
April 28th, 2009 No Comments
This post is really more for me than anyone else. I’ll be at IMPACT 2009 next week and need a handy place to track my schedule. Sunday: 16:00 – 17:00 Premium Support Welcome Reception Venetian’s Orchid Restaurant Monday: 11:00 – 12:15 TMC-1054A Basic WMQ Security Delfino 4101B Tuesday: 07:15 – 08:15 Breakfast meeting w/customer [...]
Tags: Events · IBMIMPACT · News · WebSphere MQ
Administering FTE from stand-alone explorer
April 16th, 2009 No Comments
Rich Cumbers posted a mini how-to describing the procedure to install the WMQ File Transfer Edition plug-in into the stand-alone WebSphere MQ Explorer. Should be very useful.
Slides for PCI Knowledgebase webinar posted
April 13th, 2009 3 Comments
Join me Wednesday April 15th @ Noon Eastern for a webinar hosted by the fine folks at PCI Knowledgebase.com on the topic of WebSphere MQ for QSA’s. Register for the webinar at this link. The slides have been posted here.
Tags: Events · News · PCI PCI-DSS · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ Security
Webinar: WMQ Security for QSA’s April 15th
April 7th, 2009 3 Comments
I will be presenting a webinar on April 15th, hosted by the fine folks at PCI Knowledgebase. The purpose of the webinar will be to introduce Qualified Security Assessors, or QSA’s as they are known, to the concept of WebSphere MQ and give them tools to audit the configurations. If you have read anything I’ve [...]
Tags: News · presentation · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ Security
The Deep Queue – Episode #8: The good news and the bad news
February 27th, 2009 1 Comment
This episode of The Deep Queue contains news about the new MSoT stand-alone WMQ Explorer SupportPac, yet another payment processor data breach, updates to some items we’ve covered in the past and breaking news about a WebSphere MQ interim fix that many people will want to take a close look at.
Deep Queue #8: Transcript: DownloadTags: DeepQueue · IBM · News · Podcast · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ FTE · WMQ Security
MSoT: Stand-alone MQ Explorer download
February 27th, 2009 No Comments
More good news for WMQ users! WMQ Explorer is now available as a Category 3 SupportPac, which means it is free, can be downloaded separate from the install media and is supported for customers with a valid WebSphere MQ license. Here’s an excerpt from the internal email announcing this: I’m pleased to announce that SupportPac [...]
Tags: News · WebSphere MQ · WMQ · WMQ FTE
The Deep Queue – Episode #7: Reducing your attack surface
February 2nd, 2009 No Comments
This installment of The Deep Queue is about improving security by reducing the number of attack vectors that are exposed. Given two systems with equivalent functionality the one with more exposed attack vectors is said to have a “larger attack surface”. As I explain in the podcast, having a smaller attack surface doesn’t automatically result [...]
Deep Queue #7: Transcript: DownloadTags: DeepQueue · News · Podcast · security · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ Security
WebSphere MQ – Coming soon to an audit near you!
July 4th, 2009 No Comments
The June 29 episode of The Deep Queue is finally up! Sorry about the delay, I was on an engagement last week that had me staying over the weekend in Boston to perform a production implementation on Saturday. Although I’ve got a great recording setup at home, I’m afraid I don’t have decent equipment to [...]
Tags: Admin · Best Practices · commentary · DeepQueue · News · Podcast · security · WebSphere MQ · WMQ · WMQ Security