Slashdot Mirror

← Back to Stories (view on slashdot.org)

Oracle Sues SAP for Spidering Their Support Site

Posted by CowboyNeal on from the knock-it-off dept.

TodoInSATX writes "Oracle has filed a lawsuit against SAP. Among the claims made against SAP are violations of the Federal Computer Fraud and Abuse Act and California Computer Data Access and Fraud Act, Unfair Competition, Intentional and Negligent Interference with Prospective Economic Advantage and Civil Conspiracy. From the actual complaint: 'SAP has stolen thousands of proprietary, copyrighted software products and other confidential materials that Oracle developed to service its own support customers. SAP gained repeated and unauthorized access, in many cases by use of pretextual customer log-in credentials, to Oracle's proprietary, password-protected customer support website.'"

8 of 148 comments (clear)

  1. The actual suit.. by Cervantes · · Score: 4, Interesting

    I'm reading through the first bit of the actual suit, and here's what caught my eye:

    These "customer users" supplied user information (such as user name, email address, and phone number) that did
    not match the customer at all. In some cases, this user information did not match anything: it was fake. For example, some users logged in with the user names of "xx" "ss" "User" and "NULL." Others used phony email addresses like "test@testyomama.com" and fake phone numbers such as "7777777777" and "123 456 7897."

    Now, they do state that the IP doing the downloading was an SAP branch office in Texas... but still, if your supposedly secure support site accepts "xx" and "ss" and "User" as valid logins to access support documents and what appears to be actual product downloads... well, what the hell?

    I think I just became a little less likely to buy either SAP or Oracle software, if this is their idea of ethics and security, respectively.

    --
    If I knew the wedgies I gave you back in 6th grade would have resulted in this . . . I might have taken a moments pause.
    1. Re:The actual suit.. by jrockway · · Score: 2, Interesting

      That's the same e-mail and phone (almost) that I gave Oracle, too. Do people actually give their real information to Oracle, just to download docs for products they've paid hundreds of thousands of dollars for?

      No, they don't.

      --
      My other car is first.
  2. Re:Using customer logins? by Anonymous Coward · · Score: 3, Interesting

    No they don't, many sites will allow googlebot into their site without registering. In fact on some sites that normally require logins you can change your browser's identity to googlebot and get into the site without registering. That's how google caches non public sites, they don't use usernames and passwords.

  3. Personnally... by bobcat7677 · · Score: 2, Interesting

    I don't blame SAP for using whatever backchannel means nessasary to access Oracle's knowledge base. I'm sure it was completely out of nessesity to support their customers. It has always baffled me how completely locked down Oracle is when it comes to their support. If you are not paying on a support contract and have a login with sufficient rights, there is basically nothing to see of any use on their website. As a deveoper trying to evalute a demo copy of the DBMS, I found it comepletely useless and ultimately was not able to get the demo to work because I couldn't get any support on it. The "big evil corporation" Microsoft doesn't have any problem putting their knowledgebase and troubleshooting guides out for public consumption, why does Oracle need to keep their's a closely guarded company secret?

    Oh, and I think what they were referring to with the phrase "Thousands of proprietary software products" was all the patches for their DBMS.

  4. Re:What by ray-auch · · Score: 5, Interesting

    Well, typically only really big places use it since it costs millions and takes years (and more $$$) of consultancy and configuration to roll it out.

    When you finally get it, the UI is an excercise in how many good UI design principles can we possibly break on one screen. Response to comments on the UI ? - "Vee are the third largest softvare company in zee vorld" (or in other words, they're so successful they must be right).

    Be thankful you've never had to use it.

  5. Re:You're Missing Out by TubeSteak · · Score: 3, Interesting

    right before the complaint talks about all that, it says this:

    "SAP employees using the log-in credentials of Oracle customers with expired or soon-to-expire support rights had, in a matter of a few days or less, accessed and copied thousands of individual Software and Support Materials. For a significant number of these mass downloads, the users lacked any contractual right even to access, let alone copy, the Software and Support Materials."

    While that doesn't excuse SAP, you have to wonder at the kind of security Oracle has got on their support site. I mean, they don't revoke access to expired accounts & they give accounts more access than was paid for.

    Seems pretty shoddy to me.

    --
    [Fuck Beta]
    o0t!
  6. Re:What by l-ascorbic · · Score: 4, Interesting

    It has a market cap of $57 billion. That's larger than Yahoo, over twice the size of Sun and only around 25% smaller than Oracle. To put it in perspective, MSFT is three times the size of Oracle, the number 2. The numbers would be similar if you did it by revenue, but that's more annoying to look up. The fact you haven't heard of them doesn't prove that they're insignificant - just that you're ignorant.

  7. Oracle is the Next SCO by tjasond · · Score: 2, Interesting

    Oracle is a company that appears to be driven by talented technical folks with blinders on. I'm only a techie, so I could be completely wrong here, but how many times has Oracle tried to reinvent the wheel rather than buy companies with the capabilities they were looking for? There are too many to list here, but after browsing their site (over the course of several years, which you'll have to do if you ever want to use their database product), they have invested a lot into things that they should have acquired.

    They targeted the Java development crowd, but failed to do anything that appealed to a typical Java development shop. For instance, they have some kind of ORM tool, but JBoss bought Hibernate, which has now become nearly standard, as much of it is backed by/included with EJB 3. Adobe bought JRun from Alaire which, at the time, Oracle had the cash to purchase. Instead, as far as I know, Oracle chooses not to provide their own Servlet container. Furthermore, they probably could've bought BEA at some point, but chose not to. Arguably this could have made them be what it appears they're trying to become - an end to end solution for application development.

    Couple that with the fact that they are getting hit hard by MySQL, PostgresSQL, and SQL Server, and you have a solid case as to why Oracle is on their way down. A friend and I were talking about this just the other day. The conclusion we came to was that sure, Oracle was great and innovative back when we were still using 486 processors, but now they are irrelevant for 90% of the market, if not more, due to increased availability of fast hardware. Oh, and their database is in large part a huge pain in the ass that cannot be uninstalled. As mentioned before, much of it is unnecessary for 90% of applications out there. Actually, the only people I see using/advocating it are people with the same mentality of "People never got fired for choosing Microsoft", or people that are a "DBA" in Oracle, which is equally absurd.