Oraclesplodes, that's borse


Surprise, Frech Fries, All Lies! The internet exploded again because someone was wrong.

After jduck’s recent rise to infosec rockstar status, which obviously made some people envious ( ) it was only a matter of time before the infosec community found a new target. We did in less than 10 days and as a result this was the infosec community last night:

That was because one of infosec’s favourite targets, Umbrella corp’s nefarious little sister Oracle, has a Chief Information Security Officer by the name of Mary Ann Davidson made a little blog post that was somewhat naive. The post has since been removed, but a copy can be found on the web.archive.org. What goes on the internet, stays on the internet after all.

Now, the infosec community jumped on this like a bazzilion Nelson’s and pointed out that this was a somewhat odd view of how vulnerability research and bug hunting worked.

In case you were in an alcohol induced coma after DefCon (seriously, social media makes me get the impression those con’s are more about booze than infosec) the most amusing statement was:

Recently, I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities in it. >Insert big sigh here.< This is why I’ve been writing a lot of letters to customers that start with “hi, howzit, aloha” but end with “please comply with your license agreement and stop reverse engineering our code, already.”

The naivety from this statement made me lol and in response the hashtag #oraclefanfic is now solely devoted to making fun of the fact that something can’t be abused because it’s against the End User Licence Agreement.

My personal favourite is this one:

Not afraid to throw more cold water on the burning oil @addelindh then posts about a trivial javascript XSS in the Oracle Blog site:

At this point, Troy Hunt, undeniable blog expert, wondered if the removal of Mary Ann Davidson’s blog post was better or worse, afterwhich I coined the word Borse.

Now because any form of response, from really…anyone at all, was lacking I think I should dedicate some time to explain what Borse means and how to use it.

BORSE [boh-rse]

1. To question wether something is better or worse.

Example usage:
Looks like Oracle has now pulled this blog post - does that make it borse?!
I'm not sure if the new Flash update makes it borse.

And to all you naysayers about this awesome new word, I leave this final message

tl;dr: Oracle sucks but borse is an awesome new word