The Reg translates the letter in which Oracle kinda-sorta tells customers it was pwned Oracle's letter to customers about an intrusion into part of its public cloud empire - while insisting Oracle Cloud Infrastructure was untouched - has sparked a mix of ridicule and outrage in the infosec community. The memo is now public and, since decoding corporate messaging is part of the job for any Register vulture, we've …
Reputations can always take a few dings, but to properly lose it takes real effort: you have to show a real contempt for your customers, treat license renewals as a chance to literally suck the lifeblood out of corporate IT budgets, fail to show any real vision and generally enshitten every promising technology your mergers and acquisitions team land you with.
It's not easy, it takes time but I think Big Red may have finally nailed it. I for one will raise a glass and whisper "schadenfreude" to their eventual demise.
I think we should add "bankrupted the UK's second biggest city" to their score sheet (see el Reg passim)
Well, the hacker posted a video showing him in a webchat as a user from the data dump, so the line that "the hacker was not able to access any customer environments" seems to be false.
Then again, Oracle's handling of this has been utterly appalling so it's no big surprise they're still telling porkies.
Also, nobody broke into any of the baggage compartments on the train, and anyone who tells you different is a liar, liar, pants on fire! Never once did any unauthorized person access or remove any passenger belongings from any secure area of any train.
...Some clever bandits did make off with 6 million pieces of passenger luggage we'd temporarily piled on the siding overnight while the train's baggage facilities were being sprayed for Novell source code. (Can never be too careful.) So, really, that's on you irresponsible people for not being more careful about where we leave your luggage.
But never once was anything taken from the train, nor did any unauthorized persons succeed in boarding the train! (Heck, we didn't even find any Novell code. So, good news all around. You're supremely welcome.)
King Lear: I wish to move the kingdom's ERP to the cloud. What you you think, my daughters?
Regan: The cloud is built on trust father. Who better to trust than large organizations with expert IT security staff?
Goneril: Oh father, we won't have to mind the hardware any longer and save fortunes! A brilliant move it is!
Cordelia: Do you even read the news, dad?
"I recommend anyone which uses Oracle cloud to initiate a migration to other more reputable, organized, secured and honest vendors," he said. Whilst I wholeheartedly agree with this advice, I think it will fall on deaf ears; for most people it will be just too difficult and expensive, oh, and Oracle has advised that everything is just fine, which must be true. So, no change here, then.
Are there any? Azure had the Chinese and Russians bouncing around for 6 months before anyone noticed. Google happily deletes customer data for shits & giggles it seems. I've not seen much on AWS but since there are 1000s of open AWS S3 buckets open on the Internet, I'm assuming they cover their backsides better than Microsoft or Google.
Why anyone thinks trusting your data & customers to a bunch of shysters who've consistently proven they don't care about their customers, don't do testing anymore, shipped expertise out to Indian firms who will tell you to reboot your Kubernetes setup as a fix is just nuts...
And the fact that in that last paragraph you don't know WHICH cloud provider I'm talking about speaks volumes
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
