Return-Path: Received: from ensim.rackshack.net (root@localhost) by orafaq.net (8.11.6/8.11.6) with ESMTP id gBHMN5607267 for ; Tue, 17 Dec 2002 16:23:05 -0600 X-ClientAddr: 209.68.248.164 Received: from newsfeed.cts.com (newsfeed.cts.com [209.68.248.164]) by ensim.rackshack.net (8.11.6/8.11.6) with ESMTP id gBHMN4307255 for ; Tue, 17 Dec 2002 16:23:04 -0600 Received: from fatcity.UUCP (uucp@localhost) by newsfeed.cts.com (8.9.3/8.9.3) with UUCP id LAA62775; Tue, 17 Dec 2002 11:05:44 -0800 (PST) Received: by fatcity.com (26-Feb-2001/v1.0g-b72/bab) via UUCP id 0051B822; Tue, 17 Dec 2002 10:44:13 -0800 Message-ID: Date: Tue, 17 Dec 2002 10:44:13 -0800 To: Multiple recipients of list ORACLE-L X-Comment: Oracle RDBMS Community Forum X-Sender: Keith Moore Sender: root@fatcity.com Reply-To: ORACLE-L@fatcity.com Errors-To: ML-ERRORS@fatcity.com From: Keith Moore Subject: Re: password Organization: Fat City Network Services, San Diego, California X-ListServer: v1.0g, build 72; ListGuru (c) 1996-2001 Bruce A. Bergman Precedence: bulk Mime-Version: 1.0 Content-type: multipart/mixed; boundary="----------=_1040150471-24042-137" ------------=_1040150471-24042-137 Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 8BIT The best defense is to lock the account if there are over x number of failed logon attempts. Then they have to guess in just a few tries. You can also reduce the change that it will work by enforcing password complexity. Or at least it would take a long time. Make sure people have a number and/or punctuation in their password, preferrable not the last character. It will also be much more difficult if the intruder doesn't know the usernames. Keith ----- Original Message ----- To: "Multiple recipients of list ORACLE-L" Sent: Tuesday, December 17, 2002 12:14 PM > oh this is very scary.... especially that price > > did you try out the demo? I'm still in "catch-up, deal with crises" > mode so I haven't had a chance > > Rachel > > --- Jared.Still@radisys.com wrote: > > Hmm... > > > > Well maybe you *can* crack oracle passwords. > > > > I've just ordered the full version of this product. ( $4, I don't > > think I need to bother the purchasing department ). > > > > I'll let you know how it works. > > > > Jared > > > > > > > > > > > > "Mark Leith" > > Sent by: root@fatcity.com > > 12/17/2002 06:23 AM > > Please respond to ORACLE-L > > > > > > To: Multiple recipients of list ORACLE-L > > > > cc: > > Subject: RE: password > > > > > > Yes, you can do this, but it still doesn't tell you the users > > *current* > > password does it? > > > > Has anyone tried: > > > > http://home.earthlink.net/~adamshalon/oracle_password_cracker/ > > > > ? > > > > Mark > > -----Original Message----- > > Sent: 17 December 2002 13:59 > > To: Multiple recipients of list ORACLE-L > > > > > > And you can use it to change it to your convenience and later > > get this encrypted password "IN" without the knowledge of > > the user.. > > > > Regards > > Jai > > > > > > > > Paulo Gomes > > Sent by: root@fatcity.com > > 12/17/02 06:08 PM > > Please respond to ORACLE-L > > > > To: Multiple recipients of list ORACLE-L > > > > cc: > > Subject: RE: password > > > > > > > > nope u can get the encripted password from the oracle dictionáry > > -----Original Message----- > > Sent: terça-feira, 17 de Dezembro de 2002 11:34 > > To: Multiple recipients of list ORACLE-L > > > > Check the post-it note on their monitor? > > > > :) > > -----Original Message----- > > Sent: 17 December 2002 10:55 > > To: Multiple recipients of list ORACLE-L > > > > he can't but he can change it to a new one and then put the old back > > on > > -----Original Message----- > > Sent: terça-feira, 17 de Dezembro de 2002 4:09 > > To: Multiple recipients of list ORACLE-L > > > > how can a dba see the password of a user. > > > > The new MSN 8: smart spam protection and 2 months FREE* -- Please see > > the official > > ORACLE-L FAQ: http://www.orafaq.com -- Author: faisal ahmad INET: > > faisalahmad4u@hotmail.com Fat City Network > > Services -- 858-538-5051 http://www.fatcity.com San Diego, California > > -- Mailing list and web hosting services > > --------------------------------------------------------------------- > > To > > REMOVE yourself from this mailing list, send an E-Mail message to: > > ListGuru@fatcity.com (note EXACT spelling of 'ListGuru') and in the > > message BODY, include a line containing: UNSUB ORACLE-L (or the name > > of > > mailing list you want to be removed from). You may also send the HELP > > > > command for other information (like subscribing). > > > > > > > > -- > > Please see the official ORACLE-L FAQ: http://www.orafaq.com > > -- > > Author: > > INET: Jared.Still@radisys.com > > > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > > San Diego, California -- Mailing list and web hosting services > > --------------------------------------------------------------------- > > To REMOVE yourself from this mailing list, send an E-Mail message > > to: ListGuru@fatcity.com (note EXACT spelling of 'ListGuru') and in > > the message BODY, include a line containing: UNSUB ORACLE-L > > (or the name of mailing list you want to be removed from). You may > > also send the HELP command for other information (like subscribing). > > > > > __________________________________________________ > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > http://mailplus.yahoo.com > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: Rachel Carmichael > INET: wisernet100@yahoo.com > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > San Diego, California -- Mailing list and web hosting services > --------------------------------------------------------------------- > To REMOVE yourself from this mailing list, send an E-Mail message > to: ListGuru@fatcity.com (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). > > ------------=_1040150471-24042-137 Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: 7bit Content-Description: Signature The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If the reader of this message is not the intended recipient, you are hereby notified that your access is unauthorized, and any review, dissemination, distribution or copying of this message including any attachments is strictly prohibited. If you are not the intended recipient, please contact the sender and delete the material from any computer. ------------=_1040150471-24042-137-- -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Keith Moore INET: kmoore7@jcpenney.com Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru@fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).