This episode of The Deep Queue celebrates the first birthday of the podcast with some discussion of the SSL protocol vulnerability that was recently discovered. Although there has been no announcement with regard to WebSphere MQ, I try to put the whole discussion into a larger context and ask if this is really the thing we need to worry about considering what else is going on. More on that in the podcast or transcript.
Links for this episode:
IBM e-notifications service: http://www-01.ibm.com/software/websphere/support/einfo.html
Security Now podcast: http://bit.ly/2sLizB
The episode you want is #223 and it should be online this Thursday, November 19th.
Presentation: New Tricks For Defeating SSL In Practice http://bit.ly/NPtwf
from Black Hat 2009 by Moxie Marlinspike
Tools: SSLSTRIP from thoughtcrime.org http://bit.ly/3mu8QB
Provided by Moxie Marlinspike
Got your answer. Thanks a lot, Rob!
Hi Rob,
I just realized that you have this great site already and I think I’d better visit frequently for WMQ tips.
Could you please have a look at the post on Stack Overflow?
http://stackoverflow.com/questions/2655622/how-to-make-multiple-instances-of-rcvr-rqstr-and-clusrcvr-channels-in-wmq
Thank you
Hi Nikhil,
Among other things, locking out the old SVRCONN. This is too deep a subject to cover in this format. Frankly, there aren’t any widely accepted best practices for PCI and WMQ yet, as far as I know. In fact, I believe PCI is only now beginning to look into what used to be called “the trusted internal network” at middleware in general. That said, you might have a look at this article for some additional thoughts on PCI and WMQ: http://bit.ly/63eIux
Hi Rob,
I’m working for a retail client and we have to implement PCI requirements on MQ servers. As part of this, we asked the app folks to use a new SVRCONN with MCAUSER instead of the default one. I would like to know what other things have to be changed to meet the requirements.
MQ versions – 6.0.2.2 & above
OS – Solaris 10 & Win 2003
Thank You