Don't know about shared accounts but I reckon this allows for auditing what goes on with privileged AD accounts...
https://blogs.technet.microsoft.com/jepayne/2017/12/08/weffles/

– Vignesh
Mainframe Infrastructure

-----Original Message-----
From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Charles Mills
Sent: 07 May 2019 00:07
To: [email protected]
Subject: [EXTERNAL] Re: mainframe hacking "success stories"?

> How does one audit for shared Windows passwords, even when they may be
> encrypted and salted?

Good question. I guess the answer to this and all similar questions is "MFA". Two factor authentication solves a lot of problems, or at least makes them a whole lot less likely.

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Paul Gilmartin
Sent: Monday, May 6, 2019 10:54 AM
To: [email protected]
Subject: Re: mainframe hacking "success stories"?

On Mon, 6 May 2019 10:21:25 -0700, Charles Mills wrote:

>#1: Noooooo. It was a legitimate mainframe hack (assuming you consider USS a
>legitimate part of the mainframe, which it has been for 20 years or so). It
>was an exploit of CGI buffer overrun.
>
Was that Shellshock? Is only bash susceptible to Shellshock? That feature is so vulnerable that it ought to be withdrawn; reliance on filtering inputs is hardly sufficient.

>#2: It drives me nuts to hear mainframers explain away mainframe breaches. "It
>wasn't really a mainframe hack, they got in through USS." "It wasn't really a
>mainframe hack, they re-used a Windows password." "It wasn't really a
>mainframe hack ... whatever." If your CEO was standing in front of the press
>explaining how your company let x million credit card numbers go astray, would
>it matter HOW they got into your mainframe, or only that they DID?" If your
>mainframe is vulnerable to a USS hack, or a shared Windows password, or
>whatever, you need to fix THAT, or risk having to explain to your CEO why he
>got fired (like Target's) for letting all those credit card numbers go astray.
>
+1 It doesn't matter.
How does one audit for shared Windows passwords, even when they may be encrypted and salted?

-- gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
