Oracle is the victim of a web "Smear"
Oracle Corporation is falsely accused of hosting hacker attacks
In a report that might have become a scalding blemish on the
security of the Oracle database, Oracle's corporate servers were
recently (and falsely, it turns out) "accused"
of hosting hacker attacks.
Reports of these accusations were published on July 13,
2007 by "The Register" with a headline that was guaranteed
to draw in readers:
"Oracle UK systems
accused in 'SSH hacking spree'",
Now, readers would assume that The
Register was reporting on someone who made this "accusation".
Nope. The accuser, in this case, was a computer-generated
report, which, evidently, the reporter failed to fully understand.
Inflammatory headlines always draw
attention, and anonymous trolls leaped-in, happy to have a chance to
publish more lies about Oracle without getting caught.
At the end of this "smear job"
article, we see a plethora of nasty factual allegations of misconduct by Oracle
Corporation: (Note: The "facts"
below are submitted by anonymous authors)
"Oracle's networks have long been a
significant source of spam, apparently injected from compromised
machines. I've reported it on numerous occasions to their
postmaster and their abuse desk but never even had a reply. . .
the servers involved are running Oracle
databases and hence have to be held down at some ancient patch
level . .
For some years we've had drivel and utter lies
from Oracle about the resilience of their products."
Buried in the comments section of
the article, one reader dares to reveal the likely truth:
"I don't doubt that to date, there is no
evidence for any attack originating from that machine. However,
given the machine is listed as emea-netcache1 its highly likely
its just a proxy and forwarder.
Regrettably, it has become very
easy for irresponsible publishers to hurl false accusations against
innocent corporations, especially since the UK appears to have
The too-late Retraction
too-late retraction (eight days later, on July 21st) this author
attempts to undo his "accusations" that Oracle servers were hosting
"The listing implied a computer (or
multiple computers) at Oracle UK been compromised for weeks,
allowing hackers to gain access to Oracle's bandwidth to hack
other boxes elsewhere on the net."
Regardless of the retraction, who
knows how many people believed this irresponsible journalism?
As an Oracle professional, I saw-through the "smear job", but it's
sad that a major publication can grossly mislead the public with
false allegations of criminal wrongdoing.