Store and Forward

A blog about securing and using WebSphere MQ

Entries Tagged as 'WebSphere MQ Security'

Deep Queue #11: Security breaches are not news?

May 25th, 2009 No Comments

The subject of the UC Berkeley data breach was discussed on the May 15th Security Squad podcast.  The thing that struck me was that the breach itself was not the topic of conversation but rather the debate was about whether the breach was in fact newsworthy.  If you are not familiar with it, 160,000 Social [...]

Wrapping up IMPACT 2009

May 8th, 2009 No Comments

Well, this is the last day of IMPACT. It’s always lightly attended as many folks take Friday as a travel day. I have one more session this morning though. It’s the WMQ ESE introduction. Overall the WMQ security sessions were well attended. Even the small rooms were large, compared to past conferences, so my feeling [...]

Slides for PCI Knowledgebase webinar posted

April 13th, 2009 3 Comments

Join me Wednesday April 15th @ Noon Eastern for a webinar hosted by the fine folks at PCI Knowledgebase.com on the topic of WebSphere MQ for QSA’s.  Register for the webinar at this link.  The slides have been posted here.

Webinar: WMQ Security for QSA’s April 15th

April 7th, 2009 3 Comments

I will be presenting a webinar on April 15th, hosted by the fine folks at PCI Knowledgebase. The purpose of the webinar will be to introduce Qualified Security Assessors, or QSA’s as they are known, to the concept of WebSphere MQ and give them tools to audit the configurations. If you have read anything I’ve [...]

When automatic translators go wrong…very wrong!

April 7th, 2009 No Comments

I just found a blog post about WMQ security that has, I believe, been run through an automated translation service with unintentionally hilarious results.   Here’s an excerpt: WMQ Adventurer authenticating a connexion to a queue director For both waiter and client hallmark, the queue director demands: The personal credential released to the queue director by [...]

The Deep Queue – Episode #9: Going postal about WMQ security

April 2nd, 2009 No Comments

This episode of The Deep Queue takes its inspiration from the thousandth time I was asked how to “turn on MQ security”.  Yes, that’s right, the thousandth time.  At least since I’ve been counting.  There were perhaps half a thousand instances before I started keeping track.  Unlike being the millionth customer at the local hair [...]

The Deep Queue – Episode #8: The good news and the bad news

February 27th, 2009 1 Comment

This episode of The Deep Queue contains news about the new MSoT stand-alone WMQ Explorer SupportPac, yet another payment processor data breach, updates to some items we’ve covered in the past and breaking news about a WebSphere MQ interim fix that many people will want to take a close look at.

Update to MQ Security Heats Up comment thread

February 26th, 2009 No Comments

There’s a comment thread going on over at the “WebSphere MQ Security Heats Up” post regarding the script settings as originally published versus the updates I have posted on this site. RKPowers writes “I am still confused about the +set option on the QMgr. I think what you are saying is that we need to [...]

The Deep Queue – Episode #7: Reducing your attack surface

February 2nd, 2009 No Comments

This installment of The Deep Queue is about improving security by reducing the number of attack vectors that are exposed.  Given two systems with equivalent functionality, the one with more exposed attack vectors is said to have a “larger attack surface”.  As I explain in the podcast, having a smaller attack surface doesn’t automatically result [...]

The Deep Queue – Episode #6: The Myth of the Trusted Internal Network

January 1st, 2009 1 Comment

In this episode of The Deep Queue I explain why I believe the “trusted internal network” is a myth.  Many of the problems that I see on consulting assignments would have been prevented by the same security measures I recommend to protect against malicious attacks.  Except the incidents in question are not usually malicious, they [...]
