According to the official IBM Security Bulletins released so far, Cast Iron version 7.x and two MQ Support Pacs are affected. The recommendation for people who work with any of these tools is to keep watching the IBM Support Portal as well as the IBM Product Security Incident Response Team (PSIRT) for more security bulletin updates.
See the official IBM Security Bulletins for each technology:
- IBM WebSphere DataPower
http://www-304.ibm.com/support/docview.wss?uid=swg21669672 - IBM WebSphere MQ
http://www-01.ibm.com/support/docview.wss?uid=swg21669839 - IBM WebSphere Message Broker and IBM Integration Bus
http://www-01.ibm.com/support/docview.wss?uid=swg21670215 - IBM WebSphere Cast Iron
http://www-01.ibm.com/support/docview.wss?uid=swg21669994
Besides the need of reissuing certificates that may have been compromised, there should also be an effort to revoke them. Imagine revoking and reissuing new certificates for 66% of the Internet... The Certificate Authorities might be laughing really loud by now with this unforeseen profit about to enter their books...
No comments:
Post a Comment