Slashdot Mirror
Oracle Sues SAP for Spidering Their Support Site
TodoInSATX writes "Oracle has filed a lawsuit against SAP. Among the claims made against SAP are violations of the Federal Computer Fraud and Abuse Act and California Computer Data Access and Fraud Act, Unfair Competition, Intentional and Negligent Interference with Prospective Economic Advantage and Civil Conspiracy. From the actual complaint:
'SAP has stolen thousands of proprietary, copyrighted software products and other confidential materials that Oracle developed to service its own support customers. SAP gained repeated and unauthorized
access, in many cases by use of pretextual customer log-in credentials, to Oracle's proprietary, password-protected customer support website.'"
That's slightly different than just spidering.
I'll take your bet. SAP is the world's third largest software company, only behind Microsoft and IBM in terms of market cap. If anything, SAP would acquire Oracle to silence the lawsuit.
I'll never make that mistake again, reading the experts' opinions. - Feynman
I tend to believe this is a kind of abuse of the courts.
*All* big companies and political campaigns beyond water commissioner appointments do exactly this kind of opposition research.
What's illegal about me giving a gmail address while I work for an Oracle competitor and buy some oracle products/services for research?
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
actual like using SAP? I have yet to come across anyone who does. Sure it works and has lots of neat features but seriously, those of us "in the trenches" who must use it regularly... well I for one would rather pull my hair out than use SAP...
Yeah it's OT but I'm curious. If Oracle DID somehow manage to snap it up, would/could they make it any better?
There is simply too much glass..
Ever heard of OTN?
http://otn.oracle.com/ hosts the entire documentation library of every oracle product.
There's also http://forums.oracle.com/
All it takes is just a little looking around and you can find help...no need to blame Oracle for keeping everything under lock and key...because they certainly don't.
Please let me know what your algorithm is for a valid user name. As far as I know, they are free text (which seems perfectly valid.) As for the other information, it would pass your typical regex for validation. If oracle gets a phone number, should they call it to validate that the person has the same information as the login gave. Do you run a website that does something similar, and has the same number of hits the Oracle website does?
I appreciate a holy-than-thou attitude, but please tell me what site YOU are in charge of the security for (and if I can then pass in crap like the above, then you're in for a nice big plate of humble pie, slashdot style.) Alternatively, you're talking out your ass.
Tell me, oh, all knowing moderators, how exactly this is offtopic?
The poster has asked what the acronym SAP means, which is not explained in the summary. Granted the poster could simply have googled it and obtained this:http://www.sap.com/company/index.epx
So how is this question offtopic? Sheesh, sometimes you really have to wonder about the merits of this moderation (censorship) system.
I don't know what you do where you work, but here's the algorithm we use:
Any site that doesn't do a manual validity check should be considered to contain public content.
Not that I'm an SAP fan either, but based on my experiences trying to get good answers out of Oracle's support materials in the past, I'm baffled as to why anyone would even want a copy of it.
Don't get me wrong, there are projects where I'd still use Oracle even so, but if I need Oracle support documents I'm probably going to Google and ignoring any of the responses that go to oracle.com. Generally, some random yahoo on the internet has done a better job of explaining Oracle's products/bugs/problems.
I appreciate a holy-than-thou attitude, but please tell me what site YOU are in charge of the security for (and if I can then pass in crap like the above, then you're in for a nice big plate of humble pie, slashdot style.) Alternatively, you're talking out your ass. I have this funny thing, when I issue a username, I actually make sure it is valid and usable. Similarly, when a website of mine asks for a username, it tends to check and see if that username is actually valid before allowing the user to proceed. The way these logins are presented in the suit, it certainly seems like SAP just made up some random usernames, and Oracle just let them in.
Also, I like to do other, holier-than-thou things, like requiring passwords, and expiring users passwords when their contracts expire. Sometimes, just for shits and giggles, I like to assign usernames in a predetermined format to ensure accuracy, ease of use, etc etc. I like to actually make sure the site is a little bit secure. It doesn't seem like they did a very good job of this.
Also, there are plenty of scripts for plenty of different platforms that will do basic validation on data fields. They can check to see if your phone number is all the same digit, or 123-456-7890. Some of the more advanced forms even require minimum length on usernames or passwords. If you have millions to spend, you can even get super-advanced DARPA user-creation scripts that run checks to make sure your city is valid, or your data meets a required format.
Finally, sometimes, if your luck is amazing and your spirit pure, you can spill coke on your keyboard while you sit in your moms basement, get an electric shock, and purge all that sanctimonious bullshit and "strawmen are our friend" thinking from your pale, pudgy little head. Believe it or not, it's possible to have an informed opinion on something without spending your whole life doing exactly and only that. Although if you don't believe it, it does make it easier to talk smack and belittle your opponent without actually advancing a valid argument, thusly helping disguise an inferior argument or intellect.
And that is a slice of a different kind of pie. Slashdot style.
If I knew the wedgies I gave you back in 6th grade would have resulted in this . . . I might have taken a moments pause.
Yes, but its hard to install their software on a PC in your parents' basement. Therefore, from the point of view of Slashdot, SAP does not exist.
No offense intended,
....
.. heh ...
/. reader so I won't need to go through all those hula hoops to find out which that one acronym means ...
....
You assume to know; although; I've got 2 IT people here with me; already for over 10 years active in the field and they've asked ME what SAP was; so don't assume others presume the same ; because such expectations only fail if you find out those assumptions (and presumptions) are flawed...
If you want to assume something; assume something people DO know for sure; but don't "assume" everyone is a walking dictionary/thesaurus/abbrevations guide; don't assume your standards upon another; it's what this world makes rotten; overexpectations of others without thinking about any other factors; maybe presume would be a better world in this context since it's meaning is less aggressive towards its expectations
Tolerance is another something which doesn't get thrown in enough when such expectations are not met; which makes people often striving upon eachother instead of working together to still meet the expectations of another; some of these people call this healthy competition
To my opinion this question was a very valid question which will educate the other slashdotters who DO NOT know which SAP means ; by all means, it's a question which is fully on-topic and should not require further research (leaving the Slashdot realm) before studying its acronyms or content; I'd presume the needed links will be made for me as
I will always keep remembering the quote "Assumption is the f*ckup of mother nature"
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
Than again, suppose you're a Oracle customer who's to switch over to SAP. You won't do that on a friday's night within 2 hours. You're more likely to contact SAP and set up a migration project. SAP might ask you for documentation of your current software/environment and tools that might help with the migration. You might answer like most customers answer: "I dunno...here's what we got from them." *hands over a folder with lots of papers, one of it having username/pw for Orcale's KB*
Seeing SAP using some kind of spider/downloader to get all stuff instead of manually looking into each and every document to see if that's one that might be of any help, makes also sense from an efficency point of view.
And in my book "soon to expire accounts" means "still valid (and payed for) accounts". Oracle might blame the (soon to be ex-)customer for sharing his credentials with a 3rd party, but I guess Oracle would (and perhaps does) exactly the same in exactly the same situation when helping a customer in migrating form a competitor's product to theirs.