Thread regarding Oracle Corp. layoffs

We are the next Equifax

The Equifax break in seems to be because they had not fixed a Struts security hole for for which a fix had been distributed a few months earlier. Our cloud is full of systems that have not has security patches applied in YEARS. There are literally thousands of known security issues in our public cloud that we are too cheep / lazy / incompentant to apply our OWN updates to fix.

That is not all. Simple security protections are usualy disabled. We still use old encryption and hash algorithms that have been known to be vulnerable for years. Trying to report these issues internally is useless because the people running our cloud don't have the technical background needed to understand the risks.

We have already had several break ins where customer data was almost certainly compromised. These events do not get reported externally, so our customers have no idea how much risk there is in letting us host anything for them.

by
| 1401 views | | 5 replies (last ) | Reply
Post ID: @OP+Phnwu0U

5 replies (most recent on top)

Most customers don't even know how to audit our cloud.

Worse, oracle SaaS that came thru acquisition isn't even built using oracle tech (Oaks paas oracle DB etc). It has to be retrofitted to fit the "red stack". See this thread for how quality tech work inside oracle does(n't) take place to know all you need to know about the situation.

by
| | Reply
Post ID: @1ura+Phnwu0U

Absolutely agree. It's a disaster waiting to happen. I don't know about security, but the groups working on the "cloud" have no technical idea what they are doing.

I left the cloud area a year and a half ago. I was appalled. It's just an unbelievable mess.

I was working with a group that had been working with ADF and the application server environment FOR YEARS and they had no idea how to do anything. The app server is a huge mess/mix of crap. They kept having problems with the wrong functions called from the wrong versions of the jar files in the server.

Talk to the manager and he wants them to just workaround the problem cause he hates the other managers and they hate him. There is no cooperation between groups at all. No one can speak to anyone in another group without the manager's permission. Try to tell that to the management above and they are completely CLUELESS and they don't want to "get involved".

There was a new version of a jar file that was needed to be replaced and I advocated for that to be done correctly all the way around. I was overruled by the "management" because they didn't want to say to anyone above them that there was a problem that needed to be dealt with. So, they just shoved the other version in there, crossed their fingers and prayed.

While I can't say anything about security, the environment is intensely dysfunctional. It's unbelievable. If you are an engineer in the "cloud", be sure that if anything goes wrong, it's not the narcissistic manager you work for that will get the blame..... it will be you... no matter what you warned them about..... it will the engineer that gets the blame.

You can't trust anything. If you are a customer who currently uses oracle tools, you already know what a mess that is. The "cloud" is a thousand times worse. A lot of the management that brought you the crap tools is working on the crap cloud.

Customer beware.

by
| | Reply
Post ID: @oaq+Phnwu0U

<Trying to report these issues internally is useless because "the people" running our cloud don't have the technical background needed to understand the risks.

This should be:

Trying to report these issues internally is useless because "the thugs and pirates" running our cloud don't have the technical background needed to understand the risks.

by
| | Reply
Post ID: @ttq+Phnwu0U

Maybe they don't audit it because they don't intend to use it? It's just thrown in as part of the deal. It's shelf or vaporware.

by
| | Reply
Post ID: @myp+Phnwu0U

Isn't it amazing that most customers don't audit oracle's cloud before signing up, or maybe they have no intention of actually using oracle's cloud and therefore don't care.

by
| | Reply
Post ID: @jkz+Phnwu0U

Post a reply

: