The IBM Internet Security Systems XForce team recently announced a buffer overflow vulnerability in WebSphere MQ client channels. According to the release, the vulnerability includes the possibility of remotely executing arbitrary code or “causing the application to crash.” It is not clear whether “application” in this case refers to the channel agent, channel pooling process [...]
Entries Tagged as 'WMQ Security'
New WMQ Channel vulnerability and interim fix announced
June 5th, 2009 No Comments
Tags: News · security · WebSphere MQ · WMQ · WMQ Security
Deep Queue #11: Security breaches are not news?
May 25th, 2009 No Comments
The subject of the UC Berkeley data breach was discussed on the May 15th Security Squad podcast. The thing that struck me was that the breach itself was not the topic of conversation but rather the debate was about whether the breach was in fact newsworthy. If you are not familiar with it, 160,000 Social [...]
Deep Queue #11: Security breaches are not news? [30:00m]: Play Now | Play in Popup | Download
Deep Queue #11: Transcript: DownloadTags: DeepQueue · Podcast · security · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ Security
WANTED DEAD OR ALIVE: WMQ Security exits
May 15th, 2009 2 Comments
As you know, there are some security functions in WebSphere MQ that require an exit. By now everyone should be familiar with BlockIP2, the well known channel security exit. But there are a couple of other requirements that a channel exit can’t meet. In this post I’ll describe what those are and post some specs [...]
Tags: Best Practices · design · security · WebSphere MQ · WMQ · WMQ Security
Wrapping up IMPACT 2009
May 8th, 2009 No Comments
Well, this is the last day of IMPACT. It’s always lightly attended as many folks take Friday as a travel day. I have one more session this morning though. It’s the WMQ ESE introduction. Overall the WMQ security sessions were well attended. Even the small rooms were large, compared to [...]
Tags: Conferences · Events · General · News · security · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ Security
The Deep Queue – Episode #10: Cash in on mortgaged risk!
May 2nd, 2009 No Comments
No, that’s not mortgage risk. Someone’s already done that and look where it got us. No,I’m talking about mortgaged risk – the act of saving time or money by accepting risk that is hard to measure but easy to hide or ignore. The risk is essentially a mortgage on your future. A hidden cost that [...]
Deep Queue #10: Cash in on mortgaged risk! [21:08m]: Play Now | Play in Popup | Download Deep Queue #10: Transcript: DownloadTags: DeepQueue · Events · IBM · IBMIMPACT · Podcast · WebSphere MQ · WMQ Security
Slides for PCI Knowledgebase webinar posted
April 13th, 2009 3 Comments
Join me Wednesday April 15th @ Noon Eastern for a webinar hosted by the fine folks at PCI Knowledgebase.com on the topic of WebSphere MQ for QSA’s. Register for the webinar at this link. The slides have been posted here.
Tags: Events · News · PCI PCI-DSS · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ Security
Webinar: WMQ Security for QSA’s April 15th
April 7th, 2009 3 Comments
I will be presenting a webinar on April 15th, hosted by the fine folks at PCI Knowledgebase. The purpose of the webinar will be to introduce Qualified Security Assessors, or QSA’s as they are known, to the concept of WebSphere MQ and give them tools to audit the configurations.
If you have read anything I’ve [...]
Tags: News · presentation · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ Security
When automatic translators go wrong…very wrong!
April 7th, 2009 No Comments
I just found a blog post about WMQ security that has, I believe, been run through an automated translation service with unintentionally hilarious results. Here’s an excerpt:
WMQ Adventurer authenticating a connexion to a queue director
For both waiter and client hallmark, the queue director demands:
The personal credential released to the queue director by it Holds [...]
Tags: Humor · WebSphere MQ · WebSphere MQ Security · WMQ Security
The Deep Queue – Episode #9: Going postal about WMQ security
April 2nd, 2009 No Comments
This episode of The Deep Queue takes its inspiration from the thousandth time I was asked how to “turn on MQ security”. Yes, that’s right, the thousandth time. At least since I’ve been counting. There were perhaps half a thousand instances before I started keeping track. Unlike being the millionth customer at the local hair [...]
Deep Queue #9: Going postal about security [20:49m]: Play Now | Play in Popup | Download Deep Queue #9: Transcript: DownloadTags: DeepQueue · Podcast · WebSphere MQ · WebSphere MQ Security · WMQ · WMQ Security
WebSphere MQ – Coming soon to an audit near you!
July 4th, 2009 No Comments
The June 29 episode of The Deep Queue is finally up! Sorry about the delay, I was on an engagement last week that had me staying over the weekend in Boston to perform a production implementation on Saturday. Although I’ve got a great recording setup at home, I’m afraid I don’t have decent equipment to [...]
Tags: Admin · Best Practices · commentary · DeepQueue · News · Podcast · security · WebSphere MQ · WMQ · WMQ Security