Without any more fanfare than is given to any standard press release, Oracle reported yesterday on some of its users’ experience with Unbreakable Linux. Given that Oracle sued SAP for “corporate theft on a grand scale” last week, it’s interesting to note some similarities — and some differences.
|Oracle – SAP||Red Hat – Oracle|
|Who took from whom?||SAP’s subsidiary TomorrowNow took from Oracle, according to the suit||Oracle took from Red Hat, according to Oracle|
|What’d they take?||Support materials||An OS and publicly available support materials|
|Was it allowed?||No, says Oracle. Maybe, says an analyst.||Yes — open source|
|End result?||Support for Oracle at half the cost||Support for Red Hat at half the cost|
|Why’d they do it?||To undercut a competitor||To undercut a competitor|
|Reaction?||A lawsuit||No lawsuit|
Of course, open source is open source, and proprietary information is proprietary. And Oracle may get a court to agree that when TomorrowNow allegedly downloaded support information for one client and used the same information to support others it was “stealing software products and other confidential materials that Oracle developed to service its own support customers.” Or the court could decide that proprietary information — once legitimately paid for by a customer and used by a VAR to support that customer — can be used for other purposes with no further obligation to the original owner. And that’s assuming the case even makes it to court — Oracle and SAP could settle, instead.
IP arguments are complicated, and VARs involved in this kind of support could be culpable to the vendor who supplied the software and the documentation. So the difference between open and closed is no joke.
But it’s interesting to note the parallels, nevertheless.
If you haven’t been paying attention to Oracle’s lawsuit against SAP subsidiary TomorrowNow, then you may want to start. If you’re in the business of providing after-market support for packaged applications, or migrating customers from one package to another, then how this suit plays out may have a direct effect on you.
Oracle is suing over alleged misuse of customers’ support licenses for PeopleSoft applications. TomorrowNow, a company started by ex-PeopleSoft execs, is in the business of getting clients off PeopleSoft and onto SAP’s applications; allegedly, TomorrowNow employees accessed support data from Oracle improperly to provide support for Oracle applications—and passing technical data along to other partners.
If Oracle is successful in this legal gambit, it could make life interesting for SIs and VARs who provide their own, discounted training and support to clients for packaged applications like Oracle’s, or other technology. If you provide technical assistance to a customer as part of a migration or upgrade, or offer alternatives to the support and training provided by suppliers, are you opening yourself up to the kinds of claims Oracle is making?
FBI wireless network at risk A report into the US Department of Justice’s wireless network project says that after six years and $195 million it is falling to bits. [Inquirer]
Survey: CIOs like their jobs, not their outsourcers With their salaries and budgets on the rise, a majority of CIOs speak highly of their jobs in a new survey. Yet they have mostly harsh words for their outsourcing relationships. [eWEEK]
Multiple Cisco Unified CallManager and Presence Server denial of service vulnerabilities Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) contain multiple vulnerabilities which may result in the failure of CUCM or CUPS functionality, resulting in a Denial of Service (DoS) condition. There are no workarounds for these vulnerabilities. Cisco has made free software available to address these vulnerabilities for affected customers. [Cisco]
Webroot study finds 43% of firms hit with malware The security vendor’s State of
Internet Security report surveys 600 companies on their experiences with malware threats. [eWEEK]
“Full exploit code” has been published that would let attackers cut-and-paste their way to an effective assault on Internet Explorer installs, according to a report Monday from Websense Security Labs.
Microsoft reported Feb. 13 that the flaw – known since February to affect the ADODB.Connection ActiveX control in the Microsoft Data Access Components — would allow attackers to hijack targeted machines.
Security services providers and IT administrators who have not yet updated their IE installations can download the patch from Microsoft.
The flaw was discovered last July by Metasploit Framework creator H.D. Moore. Separatelym Moore announced Tuesday that version 3.0 of his popular penetration testing tool is now available.
The original version of this story appeared on TechTarget sister site SearchSecurity.com.
Protecting customers from malware can be like juggling grenades — hectic enough while things are going well, but positively frantic (for a little while) when they’re not. Whatever their positive characteristics, customers tend to get angry at VARs who did (or didn’t do) something that lets a worm, virus or Trojan into their system.
On the theory that a little help is welcome and a lot doesn’t hurt, either , check out SearchSecurityChannel.com‘s new AV resources, including the Antivirus Project Guide, then stay up-to-date on antivirus news, strategies and tips aimed at the channel on SearchSecurityChannel.com‘s Viruses, Worms, and other Malware topic center.
For the next level of support, try antivirus software vendors and information sites that offer instructor-led and online courses and training to give you and your support engineers some of the AV skills they need, not to mention help explaining to customers what the threats are and what you can do to protect them :
- Panda Software Companies’ Basic Virus Course (online, free with registration)
- Symantec Antivirus Corporate Edition Training (onsite, in metro areas, online, cost varies)
- Introduction to Computer Viruses on About.com (online tutorial, free)
- CA’s eTrust Antivirus SPT Training Course (8 hours, load on computer, $800)
- Network Associates Antivirus Software Solutions by CBT Direct (online, price available upon request)
Napoleon Bonaparte — who knew something about how to overcome a persistent threat — said “victory belongs to the most persevering.” The perseverance is up to you, but we can help with the information on tools and techniques you can use to keep up. Let us know how it’s going, and what kind of information you need — from vendors, customers or each other — and we’ll enlist all three in the initiative. Until then, keep juggling.
Blog: Exploit code is out for a critical Internet Explorer vulnerability that Microsoft reported in its MS07-009 bulletin. [eWEEK]
A new tool called Jikto can turn any PC or device with a browser into a site attacker. [eWEEK]
IT pros eye Windows Server 2003 SP2 with caution Despite its security and stability enhancements, IT pros say they are in no rush to deploy Windows Server 2003 SP2, which arrived with little warning two weeks ago. [SearchSecurity.com]
20 million copies of Vista reported sold Analysts questioned the figure and said it shed little light on the program’s popularity during its first month on the market. [NYT]
Linux kernel to add VMI The next stable update to the Linux kernel, Version 2.6.21, is slated to include a new feature submitted by VMware called Virtual Machine Interface. [eWEEK]
Next version of GPL to cover Novell-Microsoft deal The non-profit group that owns rights to much of the Linux operating system says it will seek to undermine a controversial deal between Microsoft Corp. and Novell Inc. through a new software licensing agreement to be unveiled on Wednesday. [Reuters]
Although Oracle’s lawsuit against SAP is directed against the German-based software giant, SAP’s channel partners could also be held culpable for any role they may have had for using software and documentation that turns out to have been illegally obtained, according to one lawyer specializing in intellectual property law.
Systems integrators (SIs) and consulting firms that provide support for Oracle products should prepare for any potential legal action by documenting what they did and didn’t know about the origins of materials given to them by SAP, according to Tucker Griffith, partner at McCormick, Paulding & Huber LLP.
Those partners are at risk if Oracle is “going on a theory that this was stolen material — and I’m pretty sure they are going on that theory — and if they’re going on the theory that some of the stuff was trade-secret protected,” Griffith said. “If you [the VAR] had reason to suspect it was stolen, or suspect it came from illegal means and illegal sources, then you might have some culpability.”
It would also be prudent for partners whose contracts with SAP do not include an indemnity clause to negotiate with the company to get one, he said. Indemnity clauses, in which one company insures another against lawsuits, can be written with generic language or be specific enough to, for example, specify whether the party offering indemnity will also cover court fees, he said.
Those partners who find themselves needing to negotiate for indemnity may have some leverage, though. Partners can point to the bad press the suit may generate for SAP and hint that they would consider migrating to other vendors if SAP does not earn their loyalty, Griffith said.
The lawsuit against SAP alleges that TomorrowNow, a provider of third-party Oracle support that SAP acquired in 2005, used Oracle customers’ login information to access Oracle’s support site. There, according to the 44-page complaint Oracle filed last week, TomorrowNow downloaded thousands of materials — software and documentation — which it then used to undercut Oracle’s own support.
But players at TomorrowNow, and SAP may have not thought they were doing anything wrong, Griffith said. They did not appear to try to cover up their tracks — the logins were traced back to computers in Bryan, Tex. where TomorrowNow is located — and Oracle did not take steps to prevent bulk downloads like those it accuses TomorrowNow of making.
“The defense would be well: we thought there was nothing wrong, because if we thought there was something wrong about it, we would have made it less obvious, less blatant,” Griffith said.
Oracle and SAP have continued to remain mostly silent about the suit, although SAP did issue a press release Friday saying that it will “aggressively defend against the claims made by Oracle.”
Vonage told to stop using Verizon technology A judge ordered the Internet-based telephone service to stop using technologies patented by Verizon Communications. [NYT]
SMBs face big challenges in meeting regulatory requirements Managed services and better policies can help SMBs deal with costs associated with archiving and protecting data in the name of compliance. [eWEEK]
Wireless industry gears up for WiMax Where does 3G wireless go from here? Many equipment makers and carriers are looking to the packet-based technology known as WiMax. [CNET]
Windows weakness can lead to network traffic hijacks Problem in the way Windows PCs obtain network settings could let attackers hijack traffic, researchers warn. [CNET]
The news that Oracle sued SAP shocked the IT industry yesterday, and the dust hasn’t begun to settle yet. In addition to SAP and its wholly-owned subsidiary TomorrowNow, Oracle named 50 “Doe” defendants who are still unknown but may include channel partners such as systems integrators and resellers.
TomorrowNow provides third-party support for Oracle products, especially its PeopleSoft and JD Edwards lines of applications, at half the cost Oracle charges. It also works with several consultancies and systems integrators to provide support on their behalf. About a dozen or so of these are smaller, regional-level firms, said Bob Geib, vice president of sales at TomorrowNow, in an interview with SearchITChannel.com earlier this month.
Because many of those firms fear retaliation from Oracle for providing support through TomorrowNow, Geib said, “many, many of our efforts with partners are what I would call under-the-radar opportunities.”
It is unclear whether any of those partners may be dragged into the suit. But one clause in Oracle’s filing reads:
“Oracle is currently unaware of the true names and capacities of Does 1 through 50, inclusive, whether individual, partnership, corporation, unincorporated association, or otherwise, and therefore sues these defendants by such fictitious names. Oracle will amend this Complaint to allege their true names and capacities when ascertained.”
According to the suit, TomorrowNow’s “cut rate support” was made possible, at least in part, from thousands of illegal downloads of software, patches, documentation and other information made by TomorrowNow using logins provided by Oracle customers whose service agreements were about to expire.
The nature of those service agreements does not allow Oracle’s customers to share those downloads with third parties, and many customers downloaded information they themselves were not authorized to access, Oracle chrged.
TomorrowNow was founded by former PeopleSoft employees and was acquired by SAP in January 2005, at about the same time Oracle announced it would acquire PeopleSoft. Oracle claims in the suit that the timing is not coincidental, but does not provide further evidence.
Oracle and SAP both declined to comment further on the lawsuit as of Friday evening.