Tell them that the proof is in the pudding. Challenge them to a $10 bet; get out a stopwatch; and sit them at a computer. If they succeed, it will be $10 well spent to expose a security weakness. Otherwise enjoy the $10 and watching them squirm.

Jerry Whittle
ASIFICS DBA
NCI Information Systems Inc.
jerome.whittle@xxxxxxxxxxxx
618-622-4145

> -----Original Message-----
> From: Nuno Souto [SMTP:dbvision@xxxxxxxxxxxxxxx]
>
> Someone at work maintains that it takes them 10 minutes to
> break the Oracle SYS password security.
>
> And the Sun boof-head (a different person and I use the
> term loosely...) assures me he's capable of doing so any time
> he wants.
>
> Now, I've been away from this security stuff for a year or so and
> I may well be wrong here, but breaking the password security
> means cracking the Oracle encryption. While this may be possible,
> I can't believe it only takes 10 minutes?
>
> Wouldn't it rather be a case of social engineering at work?
> Or just a plain vanilla "change_on_install" case?
>
> <says he who used to change it to "changed",
> with the obvious funny consequences>
> Cheers
> Nuno Souto
> nsouto@xxxxxxxxxxxxxxx