Re: Funny sort of question re sys password

  • From: "Juan Cachito Reyes Pacheco" <jreyes@xxxxxxxxxxxxxxxx>
  • To: <oracle-l@xxxxxxxxxxxxx>
  • Date: Wed, 10 Mar 2004 14:38:13 -0400

My question to all of you is, do you know what spyware is and how it works?
I ask you, "Do you know, or do you have a way to know, if you have spyware
installed on your machine?"
In Windows there are several (including Norton), SpySweeper, AdAware, etc.
In Linux, what do you use?
  ----- Original Message ----- 
  From: Tim Gorman 
  To: oracle-l@xxxxxxxxxxxxx 
  Sent: Wednesday, March 10, 2004 10:04 AM
  Subject: Re: Funny sort of question re sys password


  Good idea, but just be careful that some bonehead on your system isn't 
entering "sqlplus sys/<password>" on the OS command-line?  Or that he's not 
found a "hidden file" with the password embedded and file-permissions not set 
properly?  (Is that what you meant by "social engineering"?)

  Otherwise, he'll have that $10 out of your hands, toot sweet!

  Either way, it would still be $10 well spent...  :-)



  on 3/10/04 6:49 AM, Whittle Jerome Contr NCI at Jerome.Whittle@xxxxxxxxxxxx 
wrote:


    Tell them that the proof is in the pudding. Challenge them to a $10 bet; 
get out a stopwatch; and sit them at a computer. If they succeed, it will be 
$10 well spent to expose a security weakness. Otherwise enjoy the $10 and 
watching them squirm.

    Jerry Whittle 
    ASIFICS DBA 
    NCI Information Systems Inc. 
    jerome.whittle@xxxxxxxxxxxx 
    618-622-4145 


      -----Original Message----- 
      From:   Nuno Souto [SMTP:dbvision@xxxxxxxxxxxxxxx] 

      Someone at work maintains that it takes them 10 minutes to 
      break the Oracle SYS password security. 

      And the Sun boof-head (a different person and I use the 
      term loosely...) assures me he's capable of doing so any time 
      he wants. 

      Now, I've been away from this security stuff for a year or so and 
      I may well be wrong here, but breaking the password security 
      means cracking the Oracle encryption.  While this may be possible, 
      I can't believe it only takes 10 minutes? 

      Wouldn't it rather be a case of social engineering at work? 
      Or just a plain vanilla "change_on_install" case? 

      <says he who used to change it to "changed", 
      with the obvious funny consequences> 
      Cheers 
      Nuno Souto 
      nsouto@xxxxxxxxxxxxxxx 
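
Added example, not part of the original thread: a defender-side check for the two exposures Tim Gorman mentions above, a password typed as `sqlplus sys/<password>` on the OS command line and a hidden file whose permissions let others read it. The function names, sample process lines and paths are constructed for illustration.

```shell
#!/bin/sh
# Read `ps -eo pid,user,args` style lines on stdin and report sqlplus
# invocations that carry user/password in the argument list.
# Prints "PID OS_USER DB_ACCOUNT"; the password itself is never echoed.
find_cli_passwords() {
    awk '
    {
        tool = $3
        sub(".*/", "", tool)              # basename of the executable
        if (tool != "sqlplus") next
        for (i = 4; i <= NF; i++) {
            # user/password with optional @alias. A bare "/" (OS
            # authentication), "/nolog" and "user@alias" do not match.
            if ($i ~ "^[A-Za-z_][A-Za-z0-9_$#]*/[^@/]+(@.*)?$") {
                split($i, cred, "/")
                print $1, $2, cred[1]
                next
            }
        }
    }'
}

# List dot-files under a directory that group or others can read:
# the "hidden file with the password embedded" case.
group_or_world_readable_dotfiles() {
    find "$1" -type f -name '.*' \( -perm -040 -o -perm -004 \) -print
}

# Constructed process listing (assumed layout: PID, OS user, command line).
sample_ps() {
    cat <<'EOF'
 2101 oracle   sqlplus sys/EXAMPLE_PW as sysdba
 2102 batch    /u01/app/oracle/bin/sqlplus -s scott/EXAMPLE_PW@ORCL @report.sql
 2103 oracle   sqlplus / as sysdba
 2104 jdoe     sqlplus /nolog
 2105 jdoe     sqlplus system@ORCL
 2106 root     vi notes/sqlplus.txt
EOF
}

# Demo on the constructed data; on a live host use:
#   ps -eo pid,user,args | find_cli_passwords
sample_ps | find_cli_passwords
```

Only processes 2101 and 2102 are reported; OS authentication, `/nolog` and prompted logins keep the password out of the process list.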



