Oracle's Lunacy

Filed under
Security
  • No, You Really Can’t

    Writing mysteries is a lot more fun than the other type of writing I’ve been doing. Recently, I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities in it. This is why I’ve been writing a lot of letters to customers that start with “hi, howzit, aloha” but end with “please comply with your license agreement and stop reverse engineering our code, already.”

    [...]

    But you know, if Oracle's strongly-worded letters are written in Davidson's style, I think I'd quite enjoy the entertainment value.

  • No, You Really Can’t (Mary Ann Davidson Blog)
  • Oracle security chief to customers: Stop checking our code for vulnerabilities [Updated]

    Perhaps thinking that all the security researchers in the world were busy recovering from Black Hat and DEF CON and would be somehow more pliant to her earnest message, Mary Ann Davidson wrote a stern message to customers entitled "No, You Really Can't" (here in Google's Web cache; it's also been reproduced on SecLists.org in the event that Oracle gets Google to remove the cached copy). Her message: stop scanning Oracle's code for vulnerabilities or we will come after you. "I’ve been writing a lot of letters to customers that start with 'hi, howzit, aloha'," Davidson wrote, "but end with 'please comply with your license agreement and stop reverse engineering our code, already.'"

  • Oracle pulls CSO's BONKERS anti-bug bounty and infosec rant

    While other IT industry heavyweights have embraced bug bounties and working with security researchers more generally, Oracle has set its face in the opposite direction in a blog post likening reverse engineering to cheating on your spouse.

    Mary Ann Davidson, Oracle's chief security officer (CSO), expressed corporate dislike from the software giant for both reverse engineers and bug bounties in a long blog post on Monday. The post was pulled on Tuesday lunchtime, but its contents remain available via the Internet Archive here.

  • Oracle to 'sinner' customers: Reverse engineering is a sin and we know best

    Opinion: Stop sending vulnerability reports already. Oracle's chief security officer wants to go back to writing murder mysteries.
