Paul Clarke facts

Posted on April 20, 2012 by T.Rob

Chuck Norris has nothing on Paul Clarke.  Here’s my Top 10 reasons why:

10 – Documented message priorities are 0-9 but there’s an undocumented “Paul” priority.

9 – Paul doesn’t use message selectors. He just thinks about which message he wants and the QMgr delivers it.

8 – There is no message expiry. Only messages that Paul has allowed to live and those he has not.

7 – The signed certs trust the CA but the CAs trust Paul.

6 – Paul used to get terrible service in restaurants so he optimized the put-to-getting-waiter algorithm.

5 – Andy Stanford-Clark’s house has a sign out front that reads “Powered by Paul.”

4 – Paul authenticates to your QMgr with “it’s me.”

3 – When WebSphere MQ was invented they found a message already on the queue with the MQMD.UserID == pclarke.

2 – Paul doesn’t need his passport at customs.  He shows them his identity context.

And the #1 Paul Clarke fact:

Paul can cause a message in a rolled back UOW to be committed *and* still maintain transactional integrity!

Posted in Humor | Tagged , , , | Leave a comment

PCI zone and non PCI zone in same DataPower box

Posted on March 16, 2012 by T.Rob

I’ve been having PCI Déjà vu lately.  It seems the same questions keep coming up over and over.  One strategy for compliance that is nearly ubiquitous is to segregate the PCI data from the rest of the network.  In practical terms, this usually means a dedicated subnet or network, firewalled from the rest of the intranet and with dedicated software and hardware components.  When people approach PCI compliance as simple configuration they eventually ask “why not put the non-PCI data in the PCI enclave?”  The theory is that if the PCI network is good enough for the PCI data then it is good enough for the less sensitive data and having just one set of components would cut costs.  Because I’m lazy and didn’t want to write yet another response to this, I thought I’d post the latest one here.

Continue reading

Posted in General, WMQ Security | Tagged , , , , , , | 4 Comments

GWC Webinar posted

Posted on January 19, 2012 by T.Rob

The WebSphere MQ Security Deeper Dive slides from the  Global WebSphere Community webinar last month are now posted on this site.  You can get them from the Links page or just click here.  If you want the screencast and recording they are available form the Global WebSphere Community’s site here.  Thanks go to the great folks at Global WebSphere Community who were excellent to work with in planning, producing and executing the webinar!

Posted in IBMMQ, MQ AMS, News, Publications, WMQ Security | Leave a comment

Previous security lab reposted

Posted on November 9, 2011 by T.Rob

I acted a bit too hastily in removing the old WMQ Security Lab download when the new one was posted.  Several readers reminded me that the new lab is for v7.1 and that isn’t even out yet!  Everyone who needs these materials is obviously still on v6.0 or v7.0 so mea culpa.  The download is restored to it’s rightful place on the Links page.

Posted in IBMMQ, Publications, WMQ Security | Leave a comment

Credit card security fail

Posted on November 2, 2011 by T.Rob

I suppose it says something about my travel schedule when a local purchase at Best Buy triggers a card security alert, but charges across country or overseas do not.  When I arrived home after picking up one of the new 3TB disk drives there was a voice mail from my bank informing me that I needed to call right away regarding a suspicious card transaction.  The number they provided was not the same customer service number on the back of the credit card. This pegged my mental fraud detector so I called the number on the back of the card instead.  The Customer Service Rep politely informed me that “we don’t handle those here” and that I would need to call the number provided in the voice mail and no she could not verify that the number in the voice mail belonged to the bank. “But it must be the right number or they wouldn`t have called you, right?”  Sigh… Amateur. Continue reading

Posted in Fail, News | 2 Comments

Encrypting passwords in config files – secure or not?

Posted on October 24, 2011 by T.Rob

Not long ago a colleague told me he wished that he could use a .kdb format keystore for his Java applications.  When I inquired as to why, he said he liked that the .kdb includes the ability to stash an encrypted version of the password, whereas with his Java application he was obliged to store the password in a configuration file and, more importantly to his mind, in plain text.  My initial reaction was that encrypting the Java passwords would probably be a good thing.  Judging by the frequency with which this requirement comes up, I’m guessing most people would agree.  Intuitively, it makes sense – an encrypted password must be more secure than one in plain text, right?  The more I think about it, the more I’m convinced that the opposite is the case.  I’ll explain why after the break. Continue reading

Posted in General, WMQ Security | 3 Comments

WMQ Security in v7.1

Posted on October 18, 2011 by T.Rob

For those of you who missed it, Morag presented the WMQ Security session at this year’s WebSphere Technical Conference last week.  This was exciting for a few reasons, not the least of which was – did I mention MORAG presented? So good to have her back at the conference.

Of course, for this iteration she had written all new content for the conference.  There are so many changes related to security in v7.1 that almost all of the session was devoted to the new features!  There is almost nothing left of my content from the deck but hey, it was pushed out by new features and that’s a problem I love to have.  This blog post is a very high level overview of those new features.

Continue reading

Posted in IBMMQ, News, WMQ Security | 1 Comment

Posted WMQ v7.1 “What’s New” presentation

Posted on October 11, 2011 by T.Rob

The much-awaited “What’s New in WMQ v7.1” session has been surrounded by technical issues.  On the first day of the conference it was completely omitted from the agenda.  The repeat is listed on the agenda with the wrong title.  Today I found that the presentation is not available for download from the conference site.  Sigh.  At least that last one is something I can do something about.  You can now go to the Links page to download the What’s New in WMQ v7.1 presentation.

Posted in General | Leave a comment

WSTC 2011 WMQ/WMB presentations

Posted on October 6, 2011 by T.Rob

The WebSphere MQ and WebSphere Message Broker presentations scheduled for the 2011 WebSphere Technical Conference in Berlin next week are listed after the break.

When I’m not presenting or meeting you can probably find me in one of the security-related sessions in the list below.  This is an exciting year for WMQ and Broker, with many new features and delivery of some long-standing feature requests.  WSTC and IMPACT are your best bets for early education on all the changes and I hope to see you at one of these events!

Note: Updated with corrected times as of 10 October.

Continue reading

Posted in Events, General | Leave a comment

Guest blogger @ WebSphere User Group

Posted on August 11, 2011 by T.Rob

Ben Wen and I were invited to be guest bloggers at WebSphere User Group this month so the post I was planning for this space was hijacked! You can read it at WebSphere User Group posted as The Invisible Threat.

Posted in IBMMQ, News, Publications, WMQ Security | Tagged , , , , , , , , | Leave a comment