Oracle tells its customers to stop analyzing its code

Discussion in 'Hosting Talk & Reviews' started by Hxxx, Aug 13, 2015.

  1. Hxxx

    Hxxx Active Member

    Dec 20, 2013
    http://www.extremetech.com/computing/212038-oracle-tells-its-customers-to-stop-analyzing-its-code-for-security-flaws#disqus_thread

    Source ^ :

    What's your take on this?
     
  2. wlanboy

    wlanboy Content Contributer

    May 16, 2013
    This was a big *lol* for me.
    It is a solution for their bug-o-matic software to kill everyone who finds a security issue - but there are enough people searching for them.
    To sue the white-hats is not clever at all.
     
     
  3. IndoVirtue

    IndoVirtue New Member Verified Provider

    Apr 21, 2015
    Real men use 'security by obscurity'. Oh wait...

    Joking aside, Oracle should actually be thankful that those 'customers and independent security researchers' took their time doing it, which is actually a good intent to improve the code base towards so-called perfect. If anything, it's harmless. And it's a lot better than the actual evil hacker discovering it in the future and messing the company and its customers up.
     
  4. GIANT_CRAB

    GIANT_CRAB New Member

    May 21, 2013
    Oracle is no longer relevant. MySQL is replaced by MariaDB. Java is starting to become disabled on browsers. PeopleSoft has shitty code and people are starting to move away from shit.

    Where else can they generate their revenue?
     
  5. AuroraZero

    AuroraZero Active Member

    Dec 18, 2013
    The more people like this complain about it, the more people will do it. The only thing she has done is pissed off a bunch of people and made them want to prove to her that there are flaws and they can find them now. I would not be surprised if Oracle has an influx of reports now. She has defeated her purpose, unless she did this as some kind of stunt to get more attention. It may backfire on her though and cost Oracle and a lot of other people some things they were not willing to pay though.
     
  6. pcan

    pcan New Member

    May 16, 2013
    It's just another proof of the long-time Oracle attitude towards their customers. This is not even the worst one, they are used to sudden increases of maintenance fees and to force-buying unnecessary services. Some Oracle software is technically good, but the relentless exploitation of vendor lock-in is a hopelessly outdated sales tool. Not even IBM does this as it used to do in the past.

    One of my first priorities at work was to kill all Oracle applications, one by one, no matter how good they worked and what they cost to build (usually in the range of several 100K each). This was painful at first, but saved lots of money and headaches in the long run.
     
  7. joepie91

    joepie91 New Member

    Jun 19, 2013
    Gosh. I sure wonder what the effect of this is going to be on the supply of Oracle vulnerabilities on the black market.
     
  8. Tyler

    Tyler Active Member

    May 27, 2015
    You should thank someone for analyzing your code and pointing out its holes. People pay for that service. Rather than telling customers to f*ck off, maybe it's time for Oracle to f*ck off.
     
  9. libro22

    libro22 Member

    May 16, 2013
    Oh wow, I wonder what will replace Java in the enterprise market in the near future.. 

    Depending on seals alone and distrusting security analysts, oh just wow, I can't imagine the chaos. I worry for her future.
     
  10. Kephael

    Kephael New Member

    May 23, 2014
    Oracle makes their money selling various software solutions to all sorts of industries, they don't make their money from Java and MySQL. Java browser applets have been dead for years but Java is easily the most popular language for business applications.
     
  11. wlanboy

    wlanboy Content Contributer

    May 16, 2013
    Java will not die soon.
    A lot of DB2 and COBOL stuff was ported to Java using the native interface for C/C++. Second big bag is all the SAP stuff. Third one are the Oracle databases.
    Travel industry, insurance corps, banks, ... are using Java. They moved their stuff from X/Y/Z to Java some years ago. Spent billions and are now running their backends on Java.
    Hiding all the business logic and databases behind JAXB/JAX-WS/JAX-RS (XML, web services, REST services).
    Frontend systems normally based on Java, PHP, JS.

    Keep in mind that the "all things have to be built with one tool" days are over. Seeing a lot of Oracle databases fed with WPF clients and Python based web frontends.
     
  12. Hxxx

    Hxxx Active Member

    Dec 20, 2013
    Worth mentioning that big companies have their core systems running in a mix of MS SQL and Oracle. 
     
  13. Dylan

    Dylan Active Member

    May 13, 2013
    The same way they've always generated their revenue: enterprise software like RDBMS and Fusion.
     
  14. graeme

    graeme Active Member

    Nov 20, 2013
    I love the second last para. Oracle refers to those reverse engineering its code as "sinning". The article says:

    Not such an issue for Java: you could just use the pure open source version, I do not think there is much difference between them any more, and OpenJDK is what you will get from most Linux repos (which makes updates easier).

    On the other hand, it's not going to stop people using Oracle, but it is going to put at least some people off. What have they got to hide?
     
  15. fixidixi

    fixidixi Active Member

    May 17, 2013
    Oh man have you ever seen an enterprise db? well there are some a whole bunch of sw solutions using it along with all the sw they ship themselves..

    hint http://www.oracle.com/us/products/applications/siebel/overview/index.html

    trust me oracle is such a monster and their db alone is used in enough core systems that it's going to be around for... [sigh] yeah you never know but.. ..long enough :)
     
  16. fixidixi

    fixidixi Active Member

    May 17, 2013
    ..or at least should do real audits on its own codebase.. ..and be thankful for those who report issues.. ..as I'm sure there are *some*..
     
  17. Hxxx

    Hxxx Active Member

    Dec 20, 2013
    Exactly, I mean if you have a million of customers behind your code, testing it, exploiting but they are reporting the findings, I don't see how it is an issue, as long as they impose a set of rules for these reports/findings.
     
  18. HN-Matt

    HN-Matt New Member Verified Provider

    Dec 19, 2013
    The security industry exists to serve the 'naively trusting' and the ignorant among others, to protect them from getting hacked. Ergo,

    *gets mad at the whitehats*

    Maybe Oracle has enough grey-blackhat protection rackets in place and is tired of superfluous whitehat intervention?
     