Monday, December 20, 2021

Fair Warning to Auditors of Public Companies: You Could Get Sued This Year!


When I said you should short Oracle stock, you should have listened to me. Why? Just read today's Washington Post (CLICK HERE).

Because China has been using the Java logging 0-day exploit to drop stuff into Oracle sites for a while. You think patching the system solves the problems? Hell, not while these systems have been open for so long. You ain't seen nothin' yet.

But the good news for Oracle is that ANYBODY using Java logging has been wide open and well-and-truly screwed. If I were the auditor for a public company, I'd ask some tough questions before certifying their annual report. Otherwise, a disgruntled stockholder might just sue the auditor along with that firm's client.

Sunday, December 12, 2021

You Might Want to Short Oracle Stock Before The Market Opens

 Just a quick note before the Monday shit rain.

A close associate reports spending the weekend patching a zero-day Java vulnerability on tens of thousands of Oracle servers, now vulnerable. The zero-day was reported from…CHINA! Any public-facing Oracle database that uses Java is open, including all the defense department and government systems. My friend speculates that that Amazon outage was an early sign of this exploit. You get read access to any Oracle database (and my friend reports they were getting 10,000 attempts a minute to use this exploit), and
Oracle's legal liability could be astronomical.

Fair warning, sports fans.