Phillip, > The Sony escapade could have been largely prevented. What really screwed > them was the following: > > "Even more interestingly, BuzzFeed reports that data shared online by > hackers includes a file directory titled “Password,” which includes “139 > Word documents, Excel spreadsheets, zip files, and PDFs containing thousands > of passwords to Sony Pictures’ internal computers, social media accounts and > web service accounts.” Individual file names are “plainly labeled with > titles like ‘password list.xls’ or ‘YouTube login passwords.xlsx.’" > > Without those lists of passwords, I doubt things would have been so bad... I doubt it. May have made it a bit harder but once they are inside your network, its just a matter of time before they find a single username/password from someone with root/admin permission. After that, they will be all over the systems. IF you doubt that, look at these two cases. I am suspecting they were more careful http://mobile.businessweek.com/articles/2014-12-11/iranian-hackers-hit-sheldon-adelsons-sands-casino-in-las-vegas https://firstlook.org/theintercept/2014/12/13/belgacom-hack-gchq-inside-story/ To me, I think its better to patch the applications, deploy selinux and mod-security and encryption of data so that when they do get in, they can only destroy the systems, but would have embarrassing data to post online. In another work, in most companies, you just need one password and username and should be able to go fishing. William -- //www.freelists.org/webpage/oracle-l