> How does one audit for shared Windows passwords, even when they may be 
> encrypted and salted?

Good question.

I guess the answer to this and all similar questions is "MFA". Two-factor 
authentication solves a lot of problems, or at least makes them a whole lot 
less likely.

Charles


-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf 
Of Paul Gilmartin
Sent: Monday, May 6, 2019 10:54 AM
To: [email protected]
Subject: Re: mainframe hacking "success stories"?

On Mon, 6 May 2019 10:21:25 -0700, Charles Mills wrote:

>#1: Noooooo. It was a legitimate mainframe hack (assuming you consider USS a 
>legitimate part of the mainframe, which it has been for 20 years or so). It 
>was an exploit of CGI buffer overrun.
>
Was that Shellshock?  Is only bash susceptible to Shellshock?  That feature is 
so vulnerable that it ought to be withdrawn; reliance on filtering inputs is 
hardly sufficient.

>#2: It drives me nuts to hear mainframers explain away mainframe breaches. "It 
>wasn't really a mainframe hack, they got in through USS." "It wasn't really a 
>mainframe hack, they re-used a Windows password." "It wasn't really a 
>mainframe hack ... whatever." If your CEO was standing in front of the press 
>explaining how your company let x million credit card numbers go astray, would 
>it matter HOW they got into your mainframe, or only that they DID?" If your 
>mainframe is vulnerable to a USS hack, or a shared Windows password, or 
>whatever, you need to fix THAT, or risk having to explain to your CEO why he 
>got fired (like Target's) for letting all those credit card numbers go astray.
>
+1
It doesn't matter.

How does one audit for shared Windows passwords, even when they may be 
encrypted and salted?

-- gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
