Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Funny sort of question re sys password

Re: Funny sort of question re sys password

From: Juan Cachito Reyes Pacheco <jreyes_at_dazasoftware.com>
Date: Wed, 10 Mar 2004 14:38:13 -0400
Message-ID: <004101c406ce$de2e6a70$2501a8c0@dazasoftware.com> 





Re: Funny sort of question re sys passwordMy question to all of you is, do you know what is a spyware and how does it works.
I ask you "Do you know , or do you have a way to know if you have a spyware installed in you
machine"


In windows there are several, (including norton), spysweeper, adaware, etc.
In linux what do you use?





  Good idea, but just be careful that some bonehead on your system isn't entering "sqlplus sys/<password>" on the OS command-line?  Or that he's not found a "hidden file" with the password embedded and file-permissions not set properly?  (Is that what you meant by "social engineering"?)



  Otherwise, he'll have that $10 out of your hands, toot sweet!



  Either way, it would still be $10 well spent...  :-)





  on 3/10/04 6:49 AM, Whittle Jerome Contr NCI at Jerome.Whittle_at_scott.af.mil wrote:




    Tell them that the proof is in the pudding. Challenge them to a $10 bet; get out a stopwatch; and sit them at a computer. If they succeed, it will be $10 well spent to expose a security weakness. Otherwise enjoy the $10 and watching them squirm.



    Jerry Whittle 


    ASIFICS DBA 



    NCI Information Systems Inc. 


    jerome.whittle_at_scott.af.mil 


    618-622-4145 



      -----Original Message----- 
      From:   Nuno Souto [SMTP:dbvision_at_optusnet.com.au] 

      Someone at work maintains that it takes them 10 minutes to 
      break the Oracle SYS password security. 

      And the Sun boof-head (a different person and I use the 
      term loosely...) assures me he's capable of doing so any time 
      he wants. 

      Now, I've been away from this security stuff for a year or so and 
      I may well be wrong here, but breaking the password security 
      means cracking the Oracle encryption.  While this may be possible, 
      I can't believe it only takes 10 minutes? 

      Wouldn't it rather be a case of social engineering at work? 
      Or just a plain vanilla "change_on_install" case? 

      <says he who used to change it to "changed", 
      with the obvious funny consequences> 
      Cheers 
      Nuno Souto 
      nsouto_at_optusnet.com.au 









----------------------------------------------------------------



Please see the official ORACLE-L FAQ: http://www.orafaq.com




To unsubscribe send email to:  oracle-l-request_at_freelists.org
put 'unsubscribe' in the subject line.


--



Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html


Received on Wed Mar 10 2004 - 12:38:46 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US