Thursday, April 2, 2009

MQ, one of the blind spots

I recently wrote about security blind spots, those things inside organizations that bring high risks but are usually not seen during risk and vulnerability assessment activities. Gunnar Peterson mentioned on his blog one of the most common blind spots for big organizations, MQ Series. This is related to the mainframe problem that I wrote about in my article about blind spots. As Peterson says, "MQ Series was designed for a benign environment not a hostile one. Because the mainframe plays a central role in many companies' culture they continued to connect the way they always had, and the inspectors (auditors, pen testers) didn't really notice because they focus mainly on the front door".

That's really interesting. Security assessments usually pass far away from these very important points, because when scope definitions are made they are not considered "high risk" areas. The problem is that nobody has ever gone through a thorough review of those areas to identify the risk; people just decided that "the mainframe is secure", as there's nothing in the news, nor even mainframe exploits being published for Metasploit. That's not the case. Those vulnerabilities belong to the class where you don't need an exploit, just some inside information. Today, with all those massive lay-offs, do you still think that this kind of information won't be available to potential attackers?