Tag Archives: security

Guest blogger @ WebSphere User Group

Posted on August 11, 2011 by T.Rob

Ben Wen and I were invited to be guest bloggers at WebSphere User Group this month so the post I was planning for this space was hijacked! You can read it at WebSphere User Group posted as The Invisible Threat.

Posted in News, Publications, WMQ, WMQ Security | Tagged , , , , , , , , | Leave a comment

WMQ Security bulletin site

Posted on January 15, 2011 by T.Rob

Been wondering how to know if your WMQ is up to date for security patches?  Wonder no more!  Just go visit the Security Bulletin for WebSphere MQ page.  The Recommended Fixes page lists all of the Fix Packs and from … Continue reading

Posted in News, WMQ, WMQ Security | Tagged , , , , , , , , , , , | Leave a comment

WebSphere MQ – Coming soon to an audit near you!

Posted on July 4, 2009 by T.Rob

The June 29 episode of The Deep Queue is finally up!  Sorry about the delay, I was on an engagement last week that had me staying over the weekend in Boston to perform a production implementation on Saturday.  Although I’ve … Continue reading

Posted in DeepQueue, Podcast, WMQ Security | Tagged , , , , , , , , , | Leave a comment

New WMQ Channel vulnerability and interim fix announced

Posted on June 5, 2009 by T.Rob

The IBM Internet Security Systems XForce team recently announced a buffer overflow vulnerability in WebSphere MQ client channels.  According to the release, the vulnerability includes the possibility of remotely executing arbitrary code or “causing the application to crash.”  It is … Continue reading

Posted in News, WMQ, WMQ Security | Tagged , , , , | Leave a comment

Deep Queue #11: Security breaches are not news?

Posted on May 25, 2009 by T.Rob

The subject of the UC Berkeley data breach was discussed on the May 15th Security Squad podcast.  The thing that struck me was that the breach itself was not the topic of conversation but rather the debate was about whether … Continue reading

Posted in DeepQueue, Podcast, WMQ, WMQ Security | Tagged , , , , , , | Leave a comment

WANTED DEAD OR ALIVE: WMQ Security exits

Posted on May 15, 2009 by T.Rob

As you know, there are some security functions in WebSphere MQ that require an exit.  By now everyone should be familiar with BlockIP2, the well known channel security exit.  But there are a couple of other requirements that a channel … Continue reading

Posted in WMQ, WMQ Security | Tagged , , , , , | 2 Comments

Wrapping up IMPACT 2009

Posted on May 8, 2009 by T.Rob

Well, this is the last day of IMPACT. It’s always lightly attended as many folks take Friday as a travel day. I have one more session this morning though. It’s the WMQ ESE introduction. Overall the WMQ security sessions were … Continue reading

Posted in Events, General, News, WMQ | Tagged , , , , , , , , | Leave a comment

Update to MQ Security Heats Up comment thread

Posted on February 26, 2009 by T.Rob

There’s a comment thread going on over at the “WebSphere MQ Security Heats Up” post regarding the script settings as originally published versus the updates I have posted on this site. RKPowers writes “I am still confused about the +set … Continue reading

Posted in Errata, WMQ, WMQ Security | Tagged , , , , , | Leave a comment

The Deep Queue – Episode #7: Reducing your attack surface

Posted on February 2, 2009 by T.Rob

This installment of The Deep Queue is about improving security by reducing the number of attack vectors that are exposed.  Given two systems with equivalent functionality the one with more exposed attack vectors is said to have a “larger attack … Continue reading

Posted in DeepQueue, Podcast, WMQ, WMQ Security | Tagged , , , , , , , | Leave a comment

Choosing a PCI DSS Auditor? Does WMQ awareness count?

Posted on January 26, 2009 by T.Rob

James DeLuccia’s post about choosing a PCI DSS QSA auditor has some good advice.  I would add to his list a criteria one of my own: the auditor should at least know how to spell WMQ.  Or JMS.  Or “message … Continue reading

Posted in General, News, WMQ Security | Tagged , , , , , | Leave a comment