With my main gig we had the opposite problem with ARAdmin. We'd hand the manual create directions off to the DBA's and they'd do the initial work in Oracle, but change the password to something like Id0ntHav32Te11U (usually longer - I think the non-prod one were 15 characters and the prod ones were 21+)
They would then refuse to give us the password which is pretty much mandatory for installing. We've established a better trust relationship now, but there was a point in time where we'd have to set up a webex for them to type the password in when we were installing, etc. -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Shellman, David Sent: Thursday, January 30, 2014 8:28 AM To: arslist@ARSLIST.ORG Subject: Re: Target Attack and BMC Software ITSM? So how many never changed ARAdmin account from the default? Dave -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of William Rentfrow Sent: Thursday, January 30, 2014 9:10 AM To: arslist@ARSLIST.ORG Subject: Re: Target Attack and BMC Software ITSM? Wait - so you're not supposed to use Demo after you install? ;) This does give me enough reason to go back and double check to made sure those are turned off in all the environments. You can never be too careful. -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Pierson, Shawn Sent: Thursday, January 30, 2014 7:40 AM To: arslist@ARSLIST.ORG Subject: Re: Target Attack and BMC Software ITSM? Upon further reading, this is a part of their Bladelogic Automation Suite, and that BMC has documented how to remove that account once you have it up and running. I think the Remedy equivalent would be if you installed AR System and left the Demo account out there as it. Thanks, Shawn Pierson Remedy Developer | Energy Transfer -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jeff Lockemy Sent: Thursday, January 30, 2014 7:38 AM To: arslist@ARSLIST.ORG Subject: Re: Target Attack and BMC Software ITSM? Totally... It would be nice if they were a little more specific in the articles. My stress level went up for a bit. LOL -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Pierson, Shawn Sent: Thursday, January 30, 2014 8:31 AM To: arslist@ARSLIST.ORG Subject: Re: Target Attack and BMC Software ITSM? I read the article and clicked on the link to the Krebs on security site. Based on that site, which may or may not be correct, it's saying that the potential BMC product is BMC Performance Assurance Agent. Since this isn't a part of Remedy I really have no idea how it works and if there is a back door or if it was installed and they forgot to change a default password. In any case, it's not Remedy, so that's a good thing. Thanks, Shawn Pierson Remedy Developer | Energy Transfer -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jeff Lockemy Sent: Thursday, January 30, 2014 7:23 AM To: arslist@ARSLIST.ORG Subject: OT: Target Attack and BMC Software ITSM? This news article hit today... http://www.startribune.com/business/242688511.html It says that a default password in a BMC ITSM product may have contributed to the target attack. Jeff Jeff Lockemy Lead Engineer, NAVY 311 Enterprise Service Management PMW-240 ITIL V3 Foundation Certified QMX Support Services Inc. ____________________________________________________________________________ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" Private and confidential as detailed here: http://www.energytransfer.com/mail_disclaimer.aspx . If you cannot access the link, please e-mail sender. ____________________________________________________________________________ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" Private and confidential as detailed here: http://www.energytransfer.com/mail_disclaimer.aspx . If you cannot access the link, please e-mail sender. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" ----- No virus found in this message. Checked by AVG - www.avg.com Version: 2014.0.4259 / Virus Database: 3658/7001 - Release Date: 01/14/14 Internal Virus Database is out of date. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" ----- No virus found in this message. Checked by AVG - www.avg.com Version: 2014.0.4259 / Virus Database: 3658/7001 - Release Date: 01/14/14 Internal Virus Database is out of date. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
