Re: Funny sort of question re sys passwordMy question to all of you is, do you know what is a spyware and how does it works. I ask you "Do you know , or do you have a way to know if you have a spyware installed in you machine" In windows there are several, (including norton), spysweeper, adaware, etc. In linux what do you use? ----- Original Message ----- From: Tim Gorman To: oracle-l@xxxxxxxxxxxxx Sent: Wednesday, March 10, 2004 10:04 AM Subject: Re: Funny sort of question re sys password Good idea, but just be careful that some bonehead on your system isn't entering "sqlplus sys/<password>" on the OS command-line? Or that he's not found a "hidden file" with the password embedded and file-permissions not set properly? (Is that what you meant by "social engineering"?) Otherwise, he'll have that $10 out of your hands, toot sweet! Either way, it would still be $10 well spent... :-) on 3/10/04 6:49 AM, Whittle Jerome Contr NCI at Jerome.Whittle@xxxxxxxxxxxx wrote: Tell them that the proof is in the pudding. Challenge them to a $10 bet; get out a stopwatch; and sit them at a computer. If they succeed, it will be $10 well spent to expose a security weakness. Otherwise enjoy the $10 and watching them squirm. Jerry Whittle ASIFICS DBA NCI Information Systems Inc. jerome.whittle@xxxxxxxxxxxx 618-622-4145 -----Original Message----- From: Nuno Souto [SMTP:dbvision@xxxxxxxxxxxxxxx] Someone at work maintains that it takes them 10 minutes to break the Oracle SYS password security. And the Sun boof-head (a different person and I use the term loosely...) assures me he's capable of doing so any time he wants. Now, I've been away from this security stuff for a year or so and I may well be wrong here, but breaking the password security means cracking the Oracle encryption. While this may be possible, I can't believe it only takes 10 minutes? Wouldn't it rather be a case of social engineering at work? Or just a plain vanilla "change_on_install" case? <says he who used to change it to "changed", with the obvious funny consequences> Cheers Nuno Souto nsouto@xxxxxxxxxxxxxxx