The IBM Internet Security Systems XForce team recently announced a buffer overflow vulnerability in WebSphere MQ client channels. According to the release, the vulnerability includes the possibility of remotely executing arbitrary code or “causing the application to crash.” It is not clear whether “application” in this case refers to the channel agent, channel pooling process [...]
Entries Tagged as 'WebSphere MQ'
New WMQ Channel vulnerability and interim fix announced
June 5th, 2009 No Comments
Tags: News · security · WebSphere MQ · WMQ · WMQ Security
Deep Queue #11: Security breaches are not news?
May 25th, 2009 No Comments
The subject of the UC Berkeley data breach was discussed on the May 15th Security Squad podcast. The thing that struck me was that the breach itself was not the topic of conversation but rather the debate was about whether the breach was in fact newsworthy. If you are not familiar with it, 160,000 Social [...]
Deep Queue #11: Transcript: DownloadTags: DeepQueue · Podcast · security · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ Security
WANTED DEAD OR ALIVE: WMQ Security exits
May 15th, 2009 2 Comments
As you know, there are some security functions in WebSphere MQ that require an exit. By now everyone should be familiar with BlockIP2, the well known channel security exit. But there are a couple of other requirements that a channel exit can’t meet. In this post I’ll describe what those are and post some specs [...]
Tags: Best Practices · design · security · WebSphere MQ · WMQ · WMQ Security
Wrapping up IMPACT 2009
May 8th, 2009 No Comments
Well, this is the last day of IMPACT. It’s always lightly attended as many folks take Friday as a travel day. I have one more session this morning though. It’s the WMQ ESE introduction. Overall the WMQ security sessions were well attended. Even the small rooms were large, compared to past conferences, so my feeling [...]
Tags: Conferences · Events · General · News · security · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ Security
The Deep Queue – Episode #10: Cash in on mortgaged risk!
May 2nd, 2009 No Comments
No, that’s not mortgage risk. Someone’s already done that and look where it got us. No,I’m talking about mortgaged risk – the act of saving time or money by accepting risk that is hard to measure but easy to hide or ignore. The risk is essentially a mortgage on your future. A hidden cost that [...]
Deep Queue #10: Transcript: DownloadTags: DeepQueue · Events · IBM · IBMIMPACT · Podcast · WebSphere MQ · WMQ Security
Schedule for IMPACT
April 28th, 2009 No Comments
This post is really more for me than anyone else. I’ll be at IMPACT 2009 next week and need a handy place to track my schedule. Sunday: 16:00 – 17:00 Premium Support Welcome Reception Venetian’s Orchid Restaurant Monday: 11:00 – 12:15 TMC-1054A Basic WMQ Security Delfino 4101B Tuesday: 07:15 – 08:15 Breakfast meeting w/customer [...]
Tags: Events · IBMIMPACT · News · WebSphere MQ
Administering FTE from stand-alone explorer
April 16th, 2009 No Comments
Rich Cumbers posted a mini how-to describing the procedure to install the WMQ File Transfer Edition plug-in into the stand-alone WebSphere MQ Explorer. Should be very useful.
WMQ Humor
April 14th, 2009 1 Comment
Resurrecting something I wrote back in 2003 over a lunch break: MQ Message pick-up lines… Your queue or mine? What’s your sign-bit? Is that a COA in your message descriptor, or are you just glad to see me? What’s a message like you doing in a queue like this? You look like you’ve got a [...]
Tags: Humor · WebSphere MQ · WMQ
Slides for PCI Knowledgebase webinar posted
April 13th, 2009 3 Comments
Join me Wednesday April 15th @ Noon Eastern for a webinar hosted by the fine folks at PCI Knowledgebase.com on the topic of WebSphere MQ for QSA’s. Register for the webinar at this link. The slides have been posted here.
Tags: Events · News · PCI PCI-DSS · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ Security
WebSphere MQ – Coming soon to an audit near you!
July 4th, 2009 No Comments
The June 29 episode of The Deep Queue is finally up! Sorry about the delay, I was on an engagement last week that had me staying over the weekend in Boston to perform a production implementation on Saturday. Although I’ve got a great recording setup at home, I’m afraid I don’t have decent equipment to [...]
Tags: Admin · Best Practices · commentary · DeepQueue · News · Podcast · security · WebSphere MQ · WMQ · WMQ Security