Re: Exposures in MQ and CORBA

[mark () ZANG COM (Mark (Mookie))]

> I am trying to learn more about security exposures associated with MQ and CORBA.
> Does anyone have any good references or opinions?

Just annecdotes. Most MQ setups don't adequately revoke permissions
on queues and/or channels. Whilst auditing a national MQ Series
network I was able to connect as a client and alter the queue
settings for remote queues that a client had no business accessing.
This gave me control over message routing, enabling me to spy on
the paylods if I wished. In that case the performance of the
changed routing was a giveaway, but often it'd go unnoticed if
you didn't break anything.

Most admins knowledge of MQ series is cursory to say the least,
even if they work for IBM themselves. If you are contemplating the
use of MQ Series then find yourself a consultant to go through your
configuration and fix the default holes. Once you get past the
IBM "yeeach" of it, it's not a bad product.

Cheers,
Mark.
mark () zang com