
Journal of djberg96 (2603)

Saturday November 16, 2002
09:11 PM

It's called "strategy"

[ #8984 ]
Oracle recently was so bold to declare "Oracle 9i Database: Unbreakable. Can't break it. Can't break in". The center of a huge post-9/11 marketing campaign in order to convey a "sense of certainty in an uncertain time". The security community was only so glad to embarrass them for making such a ridiculous claim. One individual found nine serious exploits in Oracle's software only weeks later.

- The Peon's Guide To Secure System Development, Michael Bacarella, Netgraft Corp

When Larry Ellison first made this claim, I thought it was absolutely brilliant. He knew damned well Oracle wasn't bulletproof, but he wasn't sure what vulnerabilities it had.

Solution? Boast about how secure your software is with the full knowledge that the world is full of hackers who love to try and break software. He knew they couldn't resist the temptation to try. You may as well have been asking a little kid not to eat a piece of candy in his pocket.

Result? Tons of free consulting that resulted in the exposure of security flaws that they could now fix. Hell, if they were lucky, some of the folks even sent a patch. I would have done the same thing Mr. Ellison did, although with the knowledge that you can't go to that well too many times.

Thanks for the free work....SUCKERS!

  • ... the said "Peon's guide" was written by some guy who didn't exactly impress with his expertise and/or tact. He came through as a young pompous asshole who didn't exactly have anything original to say, but he said all that with undeserved arrogance.

    • True, but my main point is that there are so many programmers/hackers out there who never saw through Mr. Ellison's stunt, and still don't (or won't).