Hi Doug,
Thanks for this post... I have been looking for this secret for some
time. As I was implementing my solution, I ran across this Process:
Application-Invalidate-User
Is there any reason to use the explicit direct SQL instead of calling the
above Process? Perhaps this process was a
.
Thanks for bringing up this command as an improvement to the design.
Doug
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of L G Robinson
Sent: Monday, February 03, 2014 12:49 PM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM
I have some workflow that uses this Run Process when a (knowledgeable) user
wanders from the forms they should be accessing. I originally built it in
on 7.6.04 but it has since been upgraded to 8.1. Works very well.
Jason
On Mon, Feb 3, 2014 at 12:48 PM, L G Robinson n...@ncsu.edu wrote:
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Lucero, Michelle
Sent: Thursday, January 30, 2014 8:04 PM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
Hi, Nate:
Thank you for pointing that out for everyone
this type of attack.
It's just political finger pointing!
Sincerely,
David Charters
Charters Technologies
317-331-8985
Original message
From: Nathan Aker
Date: 01/30/2014 6:21 PM (GMT-05:00)
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM
Just so we are all using the same terminology, a backdoor is intentionally
hidden (although it may be discovered), so anything documented, like Demo, is
not a backdoor. http://en.wikipedia.org/wiki/Backdoor_(computing)
Doug Mueller wrote:
Now, there are a bunch of other security settings
Dale,
arcache was updated a few versions ago to be able to only be run from the
server, it no longer offers an option for what host to connect to...so it
has to be run locally, which greatly increases its security and as you
mentioned, if you have that config option set...you can't even do it
, January 31, 2014 8:25 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
Just so we are all using the same terminology, a backdoor is intentionally
hidden (although it may be discovered), so anything documented, like Demo, is
not a backdoor. http://en.wikipedia.org/wiki
Everyone,
As an adjunct to this conversation, there has come up again a topic that is
asked about periodically -
What does the Disable mean on the User form for a user.
Well, out of the box, it doesn't mean anything. We always are considering what
it should mean, but a bit
part of the
(If
such an agreement is in place).
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of David Charters
Sent: Thursday, January 30, 2014 11:21 PM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
That bs. I know every inch of itsm
Hi Doug,
I guess a direct sql against the user_cache will work as long as you do not
run an arrelod -U command, or copy the records from the User-form to another
server using ARX-files or the API...
The above steps would reactivate the user, right?
Best Regards - Misi, RRR AB,
doug_muel...@bmc.com
To: arslist@ARSLIST.ORG
Sent: Friday, January 31, 2014 3:59:04 PM
Subject: Re: Target Attack and BMC Software ITSM? (Disable user sub-discussion)
Everyone,
As an adjunct to this conversation, there has come up again a topic that is
asked about periodically –
What
. Or, set the user record to INVALID or
Doug
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of pritch
Sent: Friday, January 31, 2014 1:24 PM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM? (Disable
is an interesting way to do it.
Doug Mueller
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Misi Mladoniczky
Sent: Friday, January 31, 2014 1:19 PM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM? (Disable
This news article hit today...
http://www.startribune.com/business/242688511.html
It says that a default password in a BMC ITSM product may have contributed
to the Target attack.
Jeff
Jeff Lockemy
Lead Engineer, NAVY 311
Enterprise Service Management PMW-240
ITIL V3 Foundation Certified
QMX
Attack and BMC Software ITSM?
This news article hit today...
http://www.startribune.com/business/242688511.html
It says that a default password in a BMC ITSM product may have contributed
to the Target attack.
Jeff
Jeff Lockemy
Lead Engineer, NAVY 311
Enterprise Service Management PMW-240
@ARSLIST.ORG] On Behalf Of Jeff Lockemy
Sent: Thursday, January 30, 2014 7:23 AM
To: arslist@ARSLIST.ORG
Subject: OT: Target Attack and BMC Software ITSM?
This news article hit today...
http://www.startribune.com/business/242688511.html
It says that a default password in a BMC ITSM product may have
Message-
From: Jeff Lockemy [mailto:jlock...@gmail.com]
Sent: Thursday, January 30, 2014 8:23 AM
To: 'arslist@arslist.org'
Subject: OT: Target Attack and BMC Software ITSM?
This news article hit today...
http://www.startribune.com/business/242688511.html
It says that a default password in a BMC
AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
I read the article and clicked on the link to the Krebs on security site.
Based on that site, which may or may not be correct, it's saying that the
potential BMC product is BMC Performance Assurance Agent. Since
Pierson
Remedy Developer | Energy Transfer
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Jeff Lockemy
Sent: Thursday, January 30, 2014 7:38 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
Totally
)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Pierson, Shawn
Sent: Thursday, January 30, 2014 7:40 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
Upon further reading, this is a part of their Bladelogic Automation Suite, and
that BMC has documented how to remove
discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Pierson, Shawn
Sent: Thursday, January 30, 2014 7:40 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
Upon further reading, this is a part of their Bladelogic Automation Suite, and
that BMC has documented
: (908) 613-5769
Cell: (914) 263-6802
From: Shellman, David dave.shell...@te.com
To: arslist@ARSLIST.ORG,
Date: 01/30/2014 09:28 AM
Subject: Re: Target Attack and BMC Software ITSM?
Sent by: Action Request System discussion list(ARSList)
arslist@ARSLIST.ORG
So how many
.
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Shellman, David
Sent: Thursday, January 30, 2014 8:28 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
So how many never changed ARAdmin account from
, January 30, 2014 8:10 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
Wait - so you're not supposed to use Demo after you install? ;)
This does give me enough reason to go back and double check to make sure those
are turned off in all the environments. You can never
, January 30, 2014 9:05 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
Alternatively, you can leave it as a default, remove all permissions, set a
custom homepage form for it in the preferences that automatically redirects it
to a Youtube video of the singing Trololo guy
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
Wait - so you're not supposed to use Demo after you install? ;)
This does give me enough reason to go back and double check to make sure
those are turned off in all the environments. You can never be too careful
One of the features we introduced in SSO Plugin 4 was heavy warnings on
the SSO Plugin status page if the user had not changed the default
'arsystem' Mid Tier configuration password. You can google and find a
number of Mid Tiers with it still running on the default password.
Also, we recently
I will bet changes will be coming.
Maybe they will change the disabled status to actually disable the user.
-John
On Thu, Jan 30, 2014 at 9:31 AM, John Baker
jba...@javasystemsolutions.com wrote:
One of the features we introduced in SSO Plugin 4 was heavy warnings on
the SSO Plugin status
(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of William Rentfrow
Sent: Thursday, January 30, 2014 9:13 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
The funny part about that is that most IT Security departments would freak out
about the embedded YouTube link
30, 2014 5:31 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
I read the article and clicked on the link to the Krebs on security site.
Based on that site, which may or may not be correct, it's saying that the
potential BMC product is BMC Performance Assurance Agent
Doug
And you don't force administrators to change the default Mid Tier
password, which is the most relevant starting point for abuse given
everything else is basically hidden from a web client.
And you haven't made the disable User radio do what it says on the
tin, ie disable a user, which will
@ARSLIST.ORG] On Behalf Of Mueller, Doug
Sent: Thursday, January 30, 2014 9:19 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
Everyone,
Just to be clear about the Remedy environment and passwords:
1) There are absolutely NO backdoor passwords that are used for system
discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of John Baker
Sent: Thursday, January 30, 2014 2:17 PM
To: arslist@ARSLIST.ORG
Subject: Target Attack and BMC Software ITSM?
Doug
And you don't force administrators to change the default Mid Tier
password, which is the most relevant
Also - if you are going to tinker with security settings/rules:
I think it would be a good idea to enforce the password rules at the
server. Either via filters (probably bad idea) ... or in the actual arserver
code (better idea).
Last time I checked - they were enforced via active links ...
Fred: Sadly, setting a predictable password isn't going to stop a slow
'drip drip' process enumerating passwords.
John: The core problem, as is the case with much of AR System, is an
unwillingness to tackle design changes in the correct place. You are
correct that security should happen in the
Subject: Target Attack and BMC Software ITSM?
Fred: Sadly, setting a predictable password isn't going to stop a slow 'drip
drip' process enumerating passwords.
John: The core problem, as is the case with much of AR System, is an
unwillingness to tackle design changes in the correct place. You
John,
You tend to 'crap' on the product line on a regular basis...and I don't
typically respond, because you are usually 'correct'...if a bit mean
spirited about most of the comments you make...but on this one, I can't
agree.
While it might only take 10 min's with a single if statement to check
LJ
I think that disabled means disabled. It doesn't mean anything else. :)
You make a good point about the error message, but that's easy to solve
- re-use the existing user/password error. But actually, I think it's
fairly well accepted that it's safe to tell a user their account is
disabled
I tend to agree that Disabled means they shouldn't be able to gain access
to the system but yes, there is a veritable spiderweb of considerations
to take into account to consider it a 'quick 10 min fix'. :)
On Thu, Jan 30, 2014 at 2:55 PM, John Baker
jba...@javasystemsolutions.com wrote:
LJ
LJ
I guess my point is, it really should be a ten minute fix. If it's not,
there's a problem to address given the sensitivity of the code in
question (ie authentication).
John
7:23 AM
To: arslist@ARSLIST.ORG
Subject: OT: Target Attack and BMC Software ITSM?
This news article hit today...
http://www.startribune.com/business/242688511.html
It says that a default password in a BMC ITSM product may have contributed to
the Target attack.
Jeff
Jeff Lockemy
Lead
] On Behalf Of Ortega, Jesus A
Sent: Thursday, January 30, 2014 4:47 PM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
I guess it's good that BMC is private now or else their stock price would have
started tanking after this news. Good move, BMC.
-Original Message
be there today.
Thank you,
Michelle
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Nathan Aker
Sent: Thursday, January 30, 2014 5:22 PM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
This article
Aker nathan_a...@mcafee.com
Date: 01/30/2014 6:21 PM (GMT-05:00)
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
This article states it was a user from the Performance Assurance suite, not
ITSM.
http://krebsonsecurity.com/2014/01/new-clues-in-the-target-breach
, 2014 9:19 AM
To: arslist@ARSLIST.ORG
Subject: Re: Target Attack and BMC Software ITSM?
Everyone,
Just to be clear about the Remedy environment and passwords:
1) There are absolutely NO backdoor passwords that are used for system
access that
are not visible and under the control