Oracle's Security Luck Runs Out

By Kelly Shermach CRM Buyer ECT News Network
Oct 18, 2004 1:21 PM PT

Oracle customers may be experiencing security déjà vu.

On August 31 the company warned of database security holes and released a patch. This morning it told customers that those same holes need immediate attention and strongly advised them to install the patch.

The more urgent warning was issued after Oracle discovered that hackers have been actively exploiting the database holes.

Failure To Communicate

Why didn't the message get through the first time?

Many customers either didn't receive the August communication or failed to act on it because they didn't know if their specific products were affected.

To avoid inviting more attacks, Oracle has provided few details about the holes or which software is affected. Patching is time-intensive, and many companies chose not to install patches they weren't sure they needed.

Database 8i, 9i and 10g, Application Server and Enterprise Manager are thought to be susceptible, but that list is not exhaustive.

"I think there's a communication problem at Oracle," said Noel Yuhanna, senior analyst with Forrester Research. "They haven't clearly specified what needs to be done [and] what databases are affected, [nor have they revealed] the seriousness of this."

Months of Fixes

Yuhanna told CRM Buyer that he has received concerned calls from clients who use Oracle products, inquiring as to whether their desktop software, supported by Oracle databases, will be affected by the security flaws.

"Some of these clients have thousands of databases, and this isn't something that can be fixed in one month's time even," he said.

In order to avoid the problems that left Microsoft's SQL stuck in security incident response mode only two years ago, "Oracle needs to push this information down through top management that these are really important flaws to correct," he said.

New Problem for Oracle

"Oracle has never dealt with this kind of situation in which it has had a flaw in security that covers a wide range of its software," he continued. "Customers obviously are complaining."

Yuhanna said that Oracle has been lucky. It has become well known for the security features inherent in its products, so much so that with the recent release of Database 10g, "it was more focused on making a world-class software with all of the bells and whistles." Attention to security was neglected.

"This is a wake-up call to Oracle to take security more seriously," he said. "Oracle will come back," he predicted, but not until it learns that "all software products are vulnerable to security flaws."
