Deep Queue #14 – The Elephant Under the Bed

This episode of The Deep Queue celebrates the first birthday of the podcast with some discussion of the SSL protocol vulnerability that was recently discovered.  Although there has been no announcement with regard to WebSphere MQ, I try to put the whole discussion into a larger context and ask if this is really the thing we need to worry about considering what else is going on.  More on that in the podcast or transcript.

Links for this episode:

IBM e-notifications service
http://www-01.ibm.com/software/websphere/support/einfo.html

Security Now podcast: http://bit.ly/2sLizB
The episode you want is #223 and it should be online this Thursday, November 19th.

Presentation: New Tricks For Defeating SSL In Practice http://bit.ly/NPtwf
from Black Hat 2009 by Moxie Marlinspike

Tools: SSLSTRIP from thoughtcrime.org http://bit.ly/3mu8QB
Provided by Moxie Marlinspike


4 Responses to Deep Queue #14 – The Elephant Under the Bed

  1. Dr.Xray says:

    Got your answer. Thanks a lot, Rob!

  2. Dr.Xray says:

    Hi Rob,

    I just realized that you have this great site already and I think I’d better visit frequently for WMQ tips.

    Could you please have a look at the post on stackoverflow?

    http://stackoverflow.com/questions/2655622/how-to-make-multiple-instances-of-rcvr-rqstr-and-clusrcvr-channels-in-wmq

    Thank you

  3. T.Rob says:

    Hi Nikhil,

    Among other things, locking out the old SVRCONN. This is too deep a subject to cover in this format. Frankly, there aren’t any widely accepted best practices for PCI and WMQ yet, as far as I know. In fact, I believe PCI is only now beginning to look into what used to be called “the trusted internal network” at middleware in general. That said, you might have a look at this article for some additional thoughts on PCI and WMQ: http://bit.ly/63eIux

  4. Nikhil says:

    Hi Rob,

    I’m working for a Retail Client and we have to implement PCI requirements on MQ Servers. As part of this, we asked the app folks to use a new svrconn with MCAUSER instead of the default one. I would like to know what other things have to be changed to meet the requirements.

    MQ versions – 6.0.2.2 & above
    OS – Solaris 10 & Win 2003

    Thank You
