I have some workflow that uses this Run Process when a (knowledgeable) user
wanders from the forms they should be accessing. I originally built in it
on 7.6.04 but has since been upgraded to 8.1. Works very well.
Jason
On Mon, Feb 3, 2014 at 12:48 PM, L G Robinson wrote:
> **
> Hi Doug,
>
>
he problem.
Thanks for bringing up this command as an improvement to the design.
Doug
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of L G Robinson
Sent: Monday, February 03, 2014 12:49 PM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Sof
Hi Doug,
Thanks for this post... I have been looking for this "secret" for some
time. As I was implementing my solution, I ran across this Process:
Application-Invalidate-User
Is there any reason to use the explicit direct SQL instead of calling the
above Process? Perhaps this process was a
many
bad passwords and the INVALID user is an interesting way to do it.
Doug Mueller
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Misi Mladoniczky
Sent: Friday, January 31, 2014 1:19 PM
To: arslist@ARSLIST.ORG
Subject:
. Or, set the user record to INVALID or
Doug
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of pritch
Sent: Friday, January 31, 2014 1:24 PM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM? (Di
: "Doug Mueller"
To: arslist@ARSLIST.ORG
Sent: Friday, January 31, 2014 3:59:04 PM
Subject: Re: Target Attack and BMC Software ITSM? (Disable user sub-discussion)
**
Everyone,
As an adjunct to this conversation, there has come up again a topic that is
asked about periodically
Hi Doug,
I guess a direct sql against the user_cache will work as long as you do not
run an arrelod -U command, or copy the records from the User-form to another
server using ARX-files or the API...
The above steps would reactivate the user, right?
Best Regards - Misi, RRR AB, http://www
NORTHCRAFT ANALYTICS LLC (If
such an agreement is in place).
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of David Charters
Sent: Thursday, January 30, 2014 11:21 PM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
**
That
Everyone,
As an adjunct to this conversation, there has come up again a topic that is
asked about periodically -
What does the Disable mean on the User form for a user.
Well, out of the box, it doesn't mean anything. We always are considering what
it should mean, but a bit
part of the discuss
, January 31, 2014 8:25 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
Just so we are all using the same terminology, a backdoor is intentionally
hidden (although it may be discovered), so anything documented, like Demo, is
not a backdoor. http://en.wikipedia.org/wiki
Dale,
arcache was updated a few versions ago to be able to only be run from the
server, it no longer offers an option for what host to connect to...so it
has to be run locally, which greatly increases it's securityand as you
mentioned, if you have that config option set...you can't even do it
l
Just so we are all using the same terminology, a backdoor is intentionally
hidden (although it may be discovered), so anything documented, like Demo, is
not a backdoor. http://en.wikipedia.org/wiki/Backdoor_(computing)
> Doug Mueller wrote:
>
> Now, there are a bunch of other security settings
T Service Management
>
>
> -Original Message-
> From: Action Request System discussion list(ARSList) [mailto:
> arslist@ARSLIST.ORG] On Behalf Of Ortega, Jesus A
> Sent: Thursday, January 30, 2014 4:47 PM
> To: arslist@ARSLIST.ORG
> Subject: Re: Target Attack and BMC Sof
Message-
> From: Action Request System discussion list(ARSList)
> [mailto:arslist@ARSLIST.ORG] On Behalf Of Lucero, Michelle
> Sent: Thursday, January 30, 2014 8:04 PM
> To: arslist@ARSLIST.ORG
> Subject: Re: Target Attack and BMC Software ITSM?
>
> Hi, Nate:
>
>
tion Request System discussion list(ARSList) [mailto:
> arslist@ARSLIST.ORG] On Behalf Of Mueller, Doug
> Sent: Thursday, January 30, 2014 9:19 AM
> To: arslist@ARSLIST.ORG
> Subject: Re: Target Attack and BMC Software ITSM?
>
> Everyone,
>
> Just to be clear about the Remedy enviro
om: Nathan Aker
Date:01/30/2014 6:21 PM (GMT-05:00)
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
This article states it was a user from the Performance Assurance suite, not
ITSM.
http://krebsonsecurity.com/2014/01/new-clues-in-the-target-breach/
Nathan Aker
d still be there today.
Thank you,
Michelle
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Nathan Aker
Sent: Thursday, January 30, 2014 5:22 PM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
Th
] On Behalf Of Ortega, Jesus A
Sent: Thursday, January 30, 2014 4:47 PM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
I guess it's good that BMC is private now or else their stock price would have
started tanking after this news. Good move, BMC.
-Original Me
2014 7:23 AM
To: arslist@ARSLIST.ORG
Subject: OT: Target Attack and BMC Software ITSM?
This news article hit today...
http://www.startribune.com/business/242688511.html
It says that a default password in a BMC ITSM product may have contributed to
the target attack.
Jeff
Jeff Lockemy
LJ
I guess my point is, it really should be a ten minute fix. If it's not,
there's a problem to address given the sensitivity of the code in
question (ie authentication).
John
___
UNSUBSCRIBE or access ARSlist Archives
I tend to agree that Disabled means they shouldn't be able to gain access
to the systembut yes, there is a veritable spiderweb of considerations
to take into account to consider it a 'quick 10 min fix'. :)
On Thu, Jan 30, 2014 at 2:55 PM, John Baker
wrote:
> LJ
>
> I think that disabled mean
LJ
I think that disabled means disabled. It doesn't mean anything else. :)
You make a good point about the error message, but that's easy to solve
- re-use the existing user/password error. But actually, I think it's
fairly well accepted that it's safe to tell a user their account is
disabled [an
John,
You tend to 'crap' on the product line on a regular basis...and I don't
typically respond, because you are usually 'correct'...if a bit mean
spirited about most of the comments you make...but on this one, I can't
agree.
While it might only take 10 min's with a single if statement to check to
uary 30, 2014 3:16 PM
To: arslist@ARSLIST.ORG
Subject: Target Attack and BMC Software ITSM?
Fred: Sadly, setting a predictable password isn't going to stop a slow 'drip
drip' process enumerating passwords.
John: The core problem, as is the case with much of AR System, is an
unwillin
Fred: Sadly, setting a predictable password isn't going to stop a slow
'drip drip' process enumerating passwords.
John: The core problem, as is the case with much of AR System, is an
unwillingness to tackle design changes in the correct place. You are
correct that security should happen in the ser
Also - if you are going to tinker with security settings/rules:
I think it would be a good idea to enforce the password rules at the
server. Either via filters (probably bad idea) ... or in the actual arserver
code (better idea).
Last time I checked - they were enforced via active links ... which
discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of John Baker
Sent: Thursday, January 30, 2014 2:17 PM
To: arslist@ARSLIST.ORG
Subject: Target Attack and BMC Software ITSM?
Doug
And you don't force administrators to change the default Mid Tier
password, which is the most rel
@ARSLIST.ORG] On Behalf Of Mueller, Doug
Sent: Thursday, January 30, 2014 9:19 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
Everyone,
Just to be clear about the Remedy environment and passwords:
1) There are absolutely NO backdoor passwords that are used for system
Doug
And you don't force administrators to change the default Mid Tier
password, which is the most relevant starting point for abuse given
everything else is basically hidden from a web client.
And you haven't made the "disable User" radio do what it says on the
tin, ie disable a user, which wil
30, 2014 5:31 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
I read the article and clicked on the link to the Krebs on security site.
Based on that site, which may or may not be correct, it's saying that the
potential BMC product is BMC Performance Assurance
stem discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of William Rentfrow
Sent: Thursday, January 30, 2014 9:13 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
The funny part about that is that most IT Security departments would freak out
about the embed
I will bet changes will be coming.
Maybe they will change the "disabled" status to actually disable the user.
-John
On Thu, Jan 30, 2014 at 9:31 AM, John Baker
wrote:
> One of the features we introduced in SSO Plugin 4 was heavy warnings on
> the SSO Plugin status page if the user had not chan
One of the features we introduced in SSO Plugin 4 was heavy warnings on
the SSO Plugin status page if the user had not changed the default
'arsystem' Mid Tier configuration password. You can google and find a
number of Mid Tiers with it still running on the default password.
Also, we recently pic
lf Of William Rentfrow
> Sent: Thursday, January 30, 2014 8:10 AM
> To: arslist@ARSLIST.ORG
> Subject: Re: Target Attack and BMC Software ITSM?
>
> Wait - so you're not supposed to use Demo after you install? ;)
>
> This does give me enough reason to go back and double check t
, January 30, 2014 9:05 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
Alternatively, you can leave it as a default, remove all permissions, set a
custom homepage form for it in the preferences that automatically redirects it
to a Youtube video of the singing Trololo guy
, January 30, 2014 8:10 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
Wait - so you're not supposed to use Demo after you install? ;)
This does give me enough reason to go back and double check to made sure those
are turned off in all the environments. You can
n we were installing, etc.
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Shellman, David
Sent: Thursday, January 30, 2014 8:28 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
So how many never changed
30
Office: (908) 613-5769
Cell: (914) 263-6802
From: "Shellman, David"
To: arslist@ARSLIST.ORG,
Date: 01/30/2014 09:28 AM
Subject: Re: Target Attack and BMC Software ITSM?
Sent by:"Action Request System discussion list(ARSList)"
So how many never cha
ystem discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Pierson, Shawn
Sent: Thursday, January 30, 2014 7:40 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
Upon further reading, this is a part of their Bladelogic Automation Suite, and
that BMC has docum
SList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Pierson, Shawn
Sent: Thursday, January 30, 2014 7:40 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
Upon further reading, this is a part of their Bladelogic Automation Suite, and
that BMC has documented how to remove
Pierson
Remedy Developer | Energy Transfer
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Jeff Lockemy
Sent: Thursday, January 30, 2014 7:38 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
Totally
AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
I read the article and clicked on the link to the Krebs on security site.
Based on that site, which may or may not be correct, it's saying that the
potential BMC product is BMC Performance Assurance Agent. Since
-Original Message-
From: Jeff Lockemy [mailto:jlock...@gmail.com]
Sent: Thursday, January 30, 2014 8:23 AM
To: 'arslist@arslist.org'
Subject: OT: Target Attack and BMC Software ITSM?
This news article hit today...
http://www.startribune.com/business/242688511.html
It says tha
st)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Jeff Lockemy
Sent: Thursday, January 30, 2014 7:23 AM
To: arslist@ARSLIST.ORG
Subject: OT: Target Attack and BMC Software ITSM?
This news article hit today...
http://www.startribune.com/business/242688511.html
It says that a default password in a BMC I
Attack and BMC Software ITSM?
This news article hit today...
http://www.startribune.com/business/242688511.html
It says that a default password in a BMC ITSM product may have contributed
to the target attack.
Jeff
Jeff Lockemy
Lead Engineer, NAVY 311
Enterprise Service Management PMW-240
This news article hit today...
http://www.startribune.com/business/242688511.html
It says that a default password in a BMC ITSM product may have contributed
to the target attack.
Jeff
Jeff Lockemy
Lead Engineer, NAVY 311
Enterprise Service Management PMW-240
ITIL V3 Foundation Certified
QMX
46 matches
Mail list logo