| 00:00 - 00:05 | My friend called and asked if |
| 00:05 - 00:07 | I'd heard about the Oracle breach. It's pretty bad. |
| 00:07 - 00:10 | I said yes, but Oracle says it's not their fault. |
| 00:11 - 00:16 | So probably a cloud misconfig by customers or something. |
| 00:17 - 00:21 | She said: The hacker captured their POC a month ago in the Internet Archive |
| 00:21 - 00:24 | and shared the link to journalists |
| 00:29 - 00:31 | _ |
| 00:31 - 00:34 | When shown, Oracle still denied it was them |
| 00:38 - 00:40 | _ |
| 00:41 - 00:47 | The hacker somehow compromised Oracle Access Management Identity Federation |
| 00:47 - 00:50 | and was able to publish a POC on that endpoint |
| 00:50 - 00:56 | And then they saved it to the Wayback Machine |
| 00:58 - 00:59 | It's there right now |
| 00:59 - 01:01 | Everyone can see |
| 01:04 - 01:06 | And Oracle's saying they're |
| 01:06 - 01:08 | not at all responsible |
| 01:13 - 01:14 | _ |
| 01:14 - 01:16 | Oracle Access Management Identity Federation is |
| 01:16 - 01:20 | written in Java |
| 01:21 - 01:27 | So they'll probably charge their users to patch it. |
| 01:35 - 01:36 | I guess their 700% |
| 01:36 - 01:39 | licensing price hike increase wasn't enough |
| 01:41 - 01:44 | But on a serious note |
| 01:44 - 01:47 | this breach is bad |
| 01:47 - 01:49 | And is going to impact a lot of---of people-- |
| 01:50 - 01:53 | But they're denying it |
| 01:54 - 01:56 | It's so obvious |
| 01:56 - 01:58 | They said: |
| 01:58 - 02:02 | "There has been no breach... |
| 02:05 - 02:07 | "No...customers...lost any data" |
| 02:10 - 02:11 | _ |
| 02:11 - 02:13 | Haven't lost any data?! |
| 02:15 - 02:17 | The auth portal was popped! |
| 02:17 - 02:20 | And who knows how much has been taken |
| 02:21 - 02:28 | If you thought Snowflake's breach was bad |
| 02:29 - 02:30 | _ |
| 02:30 - 02:32 | This is so much worse than Snowflake |
| 02:36 - 02:39 | a major cloud platform's auth portal - pwnd! |
| 02:40 - 02:42 | _ |
| 02:50 - 02:55 | well, maybe not "major" |
| 02:56 - 02:58 | But isn't Oracle Cloud big? |
| 02:58 - 03:04 | Oh sure, a lot of big companies use it |
| 03:04 - 03:09 | But I think it's to lower Java licensing costs |
| 03:09 - 03:11 | Ay Java... |
| 03:16 - 03:20 | They're denying this happened |
| 03:23 - 03:26 | I've never seen such a rebuttal like this |
| 03:31 - 03:36 | _ |
