Oracle and the Ethics of Infosec

The Ask toolbar has a history of nonconsensual installations, which can’t necessarily be held against Ask.com. The decision to force this installation on end users during the installation of a separate software program lies in the hands of the person who creates the installer.

However…

What if the US government issued a warning, urging users everywhere to upgrade their software? If you were already an Ask affiliate, you would be presented with a golden opportunity to make millions of dollars by exploiting the fear, uncertainty and doubt that unfortunately accompanies information security warnings like this one.

Enter Oracle.

Oracle, as you may or may not know, is a fairly sizable company. With a market cap of $165.42 billion (with a B), they’re doing alright.

But is it ethical of Oracle to push an Ask Toolbar installation on Java users?

Ask Toolbar Prompt

While the information security community was teaching users how to protect their systems until Oracle could fix this latest Java flaw, Oracle themselves remained strangely silent, offering only a brief acknowledgement of the flaw with no remediation guidance whatsoever.

As soon as the fix was available, Oracle issued a security alert urging users to update Java, an alert that makes no mention of the option to disable Java as a temporary protective measure.

Remember when Oracle released Java 7 update 7 back in August 2012? By January 2013, they had released updates 8, 9, 10, and 11. That’s FIVE updates in as many months.

And how much revenue has Oracle generated from their affiliate relationship with Ask in that time period?

Java security seems to be in short supply at Oracle, and what do we call people who take advantage of circumstances like these in order to turn a profit?

Profiteers.
