Archive for the Category: Security

10 (or so) of the worst passwords exposed by the LinkedIn hack

June 13, 2012 Roger Lacroix

Everyone who uses LinkedIn should read this article ASAP: http://arstechnica.com/security/2012/06/10-or-so-of-the-worst-passwords-exposed-by-the-linkedin-hack/ I changed my LinkedIn password when I first heard about it and sadly, mine is on the list of exposed passwords. Everyone should change their LinkedIn password ASAP. If you want to see if your password was leaked and cracked, go to LeakedIn (Nice name!) […]

Comments Off on 10 (or so) of the worst passwords exposed by the LinkedIn hack

MQAUSX and Microsoft Active Directory

March 21, 2012 Roger Lacroix

Centralize authentication is a great thing. Many customers use MQAUSX on AIX, HP-UX, IBM i (OS/400), Linux, Solaris and authenticate against Microsoft Active Directory (AD) as a remote LDAP server. Since, AD conforms to LDAP v3, this generally works very well. Some companies configure their AD servers such that the attribute sAMAccountName contains the user’s […]

Also posted in Capitalware, IBM i (OS/400), IBM MQ, Linux, MQ Authenticate User Security Exit, Unix, Windows Comments Off on MQAUSX and Microsoft Active Directory

MQAUSX LDAP on Linux x86 & Linux x64

February 1, 2012 Roger Lacroix

When MQAUSX first supported LDAP authentication, Capitalware used Novell’s LDAP Libraries for C for AIX, HP-UX, Solaris, Linux x86, Linux x64 (x86 64-bit) and Windows. Several years ago, for AIX, HP-UX and Solaris platforms, we switched to the native/included client LDAP libraries that are available for each OS (Operating System). This week, a weird bug […]

Also posted in Capitalware, IBM MQ, Linux, MQ Authenticate User Security Exit Comments Off on MQAUSX LDAP on Linux x86 & Linux x64

MQAUSX/MQSSX versus WMQ v7.1 CHLAUTH

January 30, 2012 Roger Lacroix

Last week, there was a robust/lively discussion on the MQSeries List Server regarding Derek Hornby’s question of (see http://comments.gmane.org/gmane.network.mq.devel/13985): In the MQ V7.1 base install, a channel authentication record is created which is a “block user list” for all channels, and the block is on a User List of *MQADMIN So I created a User […]

Also posted in Capitalware, IBM i (OS/400), IBM MQ, Linux, MQ Authenticate User Security Exit, MQ Standard Security Exit, Unix, Windows, z/OS Comments Off on MQAUSX/MQSSX versus WMQ v7.1 CHLAUTH

Where’s the Security?

January 23, 2012 Roger Lacroix

Over the last 2 months, all of the sudden, I have “where’s the security?” phrase running through my head. Instead of that little old lady from the 80’s Wendy’s commercial saying “Where’s the beef?”, I have her in my head saying “Where’s the security?”. Back in 2005, when I first starting selling Capitalware’s MQ Authenticate […]

Also posted in Capitalware, IBM i (OS/400), IBM MQ, Linux, MQ Authenticate User Security Exit, MQ Enterprise Security Suite, MQ Standard Security Exit, Unix, Windows, z/OS Comments Off on Where’s the Security?

WebSphere MQ v7.1 and MQAUSX

January 4, 2012 Roger Lacroix

Capitalware has begun testing MQAUSX with WebSphere MQ (WMQ) v7.1 and everything is working very well. There are 2 items that everyone needs to be aware of when using MQAUSX with WMQ v7.1. 1. WMQ v7.1 has a new feature called Channel Authentication Records. (A poor name as no authentication is actually taking place. IBM […]

Also posted in Capitalware, IBM i (OS/400), IBM MQ, Linux, MQ Authenticate User Security Exit, Unix, Windows 7 Comments

End-To-End Encryption with MQ File Mover (How To #3)

December 7, 2011 Roger Lacroix

In the MQ File Mover (MQFM) How To #2 blog posting, MQFM ran in “client mode” when it connected to the queue managers. In this blog posting, I will show how to implement a simple file transfer using End-To-End encryption when connecting to the queue manager in “client mode”. MQFM’s Send and Watch Actions use […]

Also posted in Capitalware, IBM i (OS/400), IBM MQ, Java, Linux, macOS (Mac OS X), MQ File Mover, Open Source, Unix, Windows 1 Comment

MQAUSX without a Client-side Security Exit – Part 2

September 1, 2011 Roger Lacroix

As mentioned in Part 1, I often get asked if MQAUSX can authenticate a UserID and Password without the requirement of a client-side security exit. The answer is yes. Part 1 demonstrated how to set a UserID and Password for a client connection to a remote queue manager via code samples (i.e. C, C++, C#, […]

Also posted in Capitalware, IBM i (OS/400), IBM MQ, Linux, MQ Authenticate User Security Exit, Unix, Windows, z/OS Comments Off on MQAUSX without a Client-side Security Exit – Part 2

MQAUSX without a Client-side Security Exit – Part 1

August 23, 2011 Roger Lacroix

Quite often I get asked if MQAUSX can authenticate a UserID and Password without the requirement of a client-side security exit. The answer is yes. MQAUSX is actually 3 products in one: 1. If the client application is configured with the client-side security exit then the user credentials are encrypted and sent across the wire […]

Also posted in .NET, C, C#, C++, Capitalware, IBM MQ, Java, JMS, MQ Authenticate User Security Exit, Programming Comments Off on MQAUSX without a Client-side Security Exit – Part 1

MQAUSX and AES 256-bit Encryption

June 27, 2011 Roger Lacroix

MQ Authenticate User Security Exit (MQAUSX) currently uses the ‘Tiny Encryption Algorithm Variant’ (aka TEAV or XTEA) for encryption and decryption of the user’s password between the client-side security exit and the server-side security exit. The security group of existing customers and potential customers are requesting that we use Advanced Encryption Standard (AES) symmetric-key encryption […]

Also posted in Capitalware, IBM i (OS/400), IBM MQ, Linux, MQ Authenticate User Security Exit, Unix, Windows, z/OS Comments Off on MQAUSX and AES 256-bit Encryption