
Re: Funny sort of question re sys password

From: Tim Gorman <tim_at_sagelogix.com>
Date: Wed, 10 Mar 2004 07:04:47 -0700
Message-ID: <BC746E8F.11402%tim@sagelogix.com>


Good idea, but just be careful that some bonehead on your system isn't entering "sqlplus sys/<password>" on the OS command-line? Or that he's not found a "hidden file" with the password embedded and file-permissions not set properly? (Is that what you meant by "social engineering"?)

Otherwise, he'll have that $10 out of your hands, toot sweet!

Either way, it would still be $10 well spent... :-)

on 3/10/04 6:49 AM, Whittle Jerome Contr NCI at Jerome.Whittle_at_scott.af.mil wrote:

> Tell them that the proof is in the pudding. Challenge them to a $10 bet; get
> out a stopwatch; and sit them at a computer. If they succeed, it will be $10
> well spent to expose a security weakness. Otherwise enjoy the $10 and watching
> them squirm.
> 
> Jerry Whittle 
> ASIFICS DBA 
> NCI Information Systems Inc.
> jerome.whittle_at_scott.af.mil
> 618-622-4145 

>> -----Original Message-----
>> From: Nuno Souto [SMTP:dbvision_at_optusnet.com.au]
>>
>> Someone at work maintains that it takes them 10 minutes to
>> break the Oracle SYS password security.
>>
>> And the Sun boof-head (a different person and I use the
>> term loosely...) assures me he's capable of doing so any time
>> he wants.
>>
>> Now, I've been away from this security stuff for a year or so and
>> I may well be wrong here, but breaking the password security
>> means cracking the Oracle encryption. While this may be possible,
>> I can't believe it only takes 10 minutes?
>>
>> Wouldn't it rather be a case of social engineering at work?
>> Or just a plain vanilla "change_on_install" case?
>>
>> <says he who used to change it to "changed",
>> with the obvious funny consequences>
>> Cheers
>> Nuno Souto
>> nsouto_at_optusnet.com.au


Received on Wed Mar 10 2004 - 08:12:40 CST
