←back to thread

Oracle attempt to hide cybersecurity incident from customers?

(doublepulsar.com)
630 points 2bluesc | 4 comments | 31 Mar 25 15:11 UTC | HN request time: 0.849s | source
Show context
nerdjon ◴[31 Mar 25 16:18 UTC] No.43536732[source]
This is honestly wild.

Whether we like it or not security incidents have become such common place in the last several years that if they just admitted to it this entire story would have likely been shrugged off and mostly forgotten about in a couple days but instead it is turning into an entire thing that just seems to be getting deeper and deeper. (Not downplaying the security incident, but that is the unfortunate reality).

Seriously if I can't trust that I am going to actually be told and not lied too when there is a security incident at the bare minimum, why would I chose to work with a company? What is Oracle's end goal here?

Are they somehow really confident that this didn't happen, maybe they don't have the logs to confirm it? Trying to think about how this is anything except them just straight up lying.

I can't remember the last time we saw a company this strongly try to deny that something like this happened. Especially when according to Ars Technica:

> On Friday, when I asked Oracle for comment, a spokesperson asked if they could provide a statement that couldn’t be attributed to Oracle in any way. After I declined, the spokesperson said Oracle would have no comment.

replies(4): >>43537096 #>>43537117 #>>43537883 #>>43538790 #
sofixa ◴[31 Mar 25 16:51 UTC] No.43537096[source]
> Seriously if I can't trust that I am going to actually be told and not lied too when there is a security incident at the bare minimum, why would I chose to work with a company? What is Oracle's end goal here?

I think you're coming at this from the wrong point of view. Oracle couldn't care in the slightest about what regular people think of them. Remember, they are the company that sent lawyers after the employers of folks who downloaded non-free but bundled by default extensions to VirtualBox, and the company that declared that you need to license every core their software could _potentially_ run on in your virtualisation estate (so if you have a 8 vCPU VM for some Oracle software, you need licenses for however many physical cores you have on your cluster). They've variously been described as a law firm with an engineering side business, and One Rich Asshole Called Larry Ellisson. Speaking of whom, he multiple times flat out lied on stage to make his shitty "cloud" nobody cares about seem relevant compared to AWS.

Nobody buys Oracle because they like them or their good reputation. You buy them because you have legacy stuff that depends on them and you have no choice (even Amazon took many years to get off Oracle databases, and they wrote a gloating success story one they were done with it because they were that happy to be rid of the leeches), or because your bosses' boss was convinced at a golf course they're getting a good deal. Or because their bandwidth is very cheap and you accept the risk of dealing with the devil incarnate with zero morals. (cf. Zoom).

Oracle is like Broadcom. Everyone hates their guts, everyone who worked there has a black mark on their CV. Yet they persist, continue leeching off companies too scared to make the jump elsewhere.

replies(3): >>43537604 #>>43538360 #>>43539488 #
devsda ◴[31 Mar 25 18:49 UTC] No.43538360[source]
> everyone who worked there has a black mark on their CV

I hope this is hyperbole. Rank and file employees are not responsible for corporate policy or direction, especially in places like Oracle.

replies(3): >>43538619 #>>43539661 #>>43546659 #
decimalenough ◴[31 Mar 25 19:12 UTC] No.43538619[source]
It really isn't. Oracle has had a terrible reputation since forever, and every ex-Sun engineer I've met has taken great pains to explain they did not join Oracle voluntarily.

It's kind of like working for a tobacco company or arms manufacturer in payroll or something: you're not directly responsible for killing millions of people, but by choosing to work there you're still kind of condoning it.

replies(3): >>43539106 #>>43539771 #>>43540048 #
1. psunavy03 ◴[31 Mar 25 20:45 UTC] No.43539771[source]
> arms manufacturer in payroll or something: you're not directly responsible for killing millions of people, but by choosing to work there you're still kind of condoning it.

It morbidly amuses me that this kind of argument can still be made given what's going on in Ukraine. Governments have militaries for a reason, and there's a reason Europe is now scrambling to re-arm itself.

replies(1): >>43541154 #
2. decimalenough ◴[31 Mar 25 23:29 UTC] No.43541154[source]
Governments have militaries for many reasons. If you work at a US arms manufacturer, some of your output may indeed being going to defend Ukraine, but some of it is also going to the Israeli military in Gaza, the Saudi Arabian military in Yemen, and a long, long list of countries listed here:

https://en.wikipedia.org/wiki/United_States_military_aid

replies(1): >>43543037 #
3. psunavy03 ◴[01 Apr 25 05:07 UTC] No.43543037[source]
See how the goalposts now move from "arms manufacturer in general" to "I don't agree with US foreign policy."

And even assuming that's true for the sake of argument, what? Lockheed Martin, Raytheon, et al. are just supposed to shut down for good the moment one politician makes a morally questionable decision? Life is not that black and white.

replies(1): >>43543987 #
4. decimalenough ◴[01 Apr 25 07:53 UTC] No.43543987{3}[source]
You're inventing your own goal posts here, since I didn't say anything of the sort.

To repeat: if you work for an arms manufacturer, you condone killing people. Hopefully it's because you think the weapons are killing enough Nazis/terrorists/bad guys to outweigh the occasional innocent civilian, but their blood is still on your hands.