Thread regarding Oracle Corp. layoffs

Oracle cloud insecure

Had this happen to a customer using one of the oracle cloud services.

https://www.theregister.co.uk/2018/01/09/oracle_weblogic_hole_primed_to_pump_monero/

Basically cronjobs were replaced with a crypto miner job and resources were maxed out.

The so called engineers at oracle cloud have NFI and did not communicate this to the customers.

Stay away from oracle cloud.

by | Post ID: @RcBHcXT
1744 views | 14 replies (last )
Comment! It's anonymous! Reply to this post anonymously by submitting the form near the bottom of the page!

14 replies (most recent on top)

Rather surprised at the response for this - 1000+ views already! Wish I could say more but can't. I will say that I was part of the RIF in APAC and only started "helping" this customer recently. If I could I would take a position that did not use Oracle but there's just too much competition in APAC region for jobs. Nevertheless I am still aggressively networking with companies and colleagues not using Oracle software.

by | Post ID: @RcBHcXT-3ram

It's not because teams aren't concerned about security, it's that Oracle is so focused on claiming revenue that they'll grant a waiver for almost anything just to get a release out.

This I believe, desperation breeds recklessness

by | Post ID: @RcBHcXT-1gnw

It's not because teams aren't concerned about security, it's that Oracle is so focused on claiming revenue that they'll grant a waiver for almost anything just to get a release out.

by | Post ID: @RcBHcXT-1ptm

Its even worse from 28 Feb. there will be no experienced engineer left anymore in Europe they are all on the street, so whats left some school kids in Romania as that is the only country Oracle still invest in in EU. If you have a big issue you will need to wait more then 8 hours for an American expert to come online and able to help you out. Advise press the escalation button as fast as possible, if that doesn't help fast enough escalate again which will then wake up a higher manager.

future solution search for alternative software and hardware.

by | Post ID: @RcBHcXT-1qlk

We have so many systems in our cloud with CVSS 10 vulnerabilities that are years old and still not patched. VERY OLD NEWS!

by | Post ID: @RcBHcXT-1jva

People should now be very concerned if the GOVERNMENTS of this world are going to start using Oracle Public Cloud services, or even Oracle Cloud at Customer (which is not rolled out anywhere yet). The lack of security and back up disaster recovery is enough to give any technology decision maker pause. This world is getting crazier and crazier.

by | Post ID: @RcBHcXT-tfs

British government is loading up Oracle Cloud services now. Lucky Brits!

https://www.theregister.co.uk/2018/01/11/shared_services_strategy/

by | Post ID: @RcBHcXT-zir

The sales team will soon consist of high school cheer leaders.

by | Post ID: @RcBHcXT-ykj

Is oracle cloud a high school project run by a bunch of third graders?

Yes

by | Post ID: @RcBHcXT-zeq

This is absolutely hilarious. Is oracle cloud a high school project run by a bunch of third graders?

It impossible to comprehend this much incompetence at so many levels.

by | Post ID: @RcBHcXT-zaq

The attack appears to be difficult to miss because it also kills the WebLogic service on the target machine. But at cloud providers, evidently, customers aren't paying very close attention.

LOL.... the WebLogic server DIES all the time. Maybe they can't tell the difference? It just dies for no reason anyway, why would they notice one more crash?

by | Post ID: @RcBHcXT-wfz

No the cloud airhead developers have no idea, no doubt. Should have been followup with customers to make sure patches were applied.

No grown-ups in the room.....

by | Post ID: @RcBHcXT-hsx

This is not PeopleSoft, it is a problem with the WebLogic server which is what Oracle cloud and everything else is running on.

The vulnerability ALSO affects Oracle's PeopleSoft software, which CAN include WebLogic as a server.

An Oracle WebLogic vulnerability fixed in October last year is being exploited on unpatched machines to mine Monero, a cryptocurrency, and other lesser-known imaginary coins.

The problem is in the crap WebLogic server that Oracle got from BEA. I'm sure all the people from BEA who knew what they were doing are long gone, acquisition happened in 2008.

Oracle cloud is crap.

by | Post ID: @RcBHcXT-ffd

I don't like how Oracle does business but you are completely wrong here...Peoplesoft is an application that runs on AWS, Azure, Google, Oracle or whatever cloud that are out there. It's not Oracle Cloud that's insecure.

by | Post ID: @RcBHcXT-aeq

I don't like how Oracle does business but you are completely wrong here...Peoplesoft is an application that runs on AWS, Azure, Google, Oracle or whatever cloud that are out there. It's not Oracle Cloud that's insecure.

by | Post ID: @RcBHcXT-vqz

Post a reply

: