Placing the Blame

By John Pallatto  |  Posted 2007-03-22 Print this article Print

Its hard to imagine how SAP could argue that TomorrowNow carried out the alleged activity on behalf of the PeopleSoft and JD Edward customers as part of its third-party support service, since Oracles licenses and the licenses of any other commercial software product bar the disclosure or transfer of software and documentation to any third party. The lawsuit also raises the question of whether some of Oracles customers or former customers could find themselves parties to this lawsuit if it can be proven that they gave TomorrowNow access to their Customer Connection log-on IDs and passwords.
The Oracle complaint alleges that the intruders used "expired or soon-to-expire" log-on credentials of Oracle customers to gain access to the Customer Connection Web site. A lot of people could be feeling the legal pinch of these charges as this suit grinds through the wheels of justice.
The lawsuit also calls into question the effectiveness of Oracles own Web security protocols, since the intruders found it so easy to log in to the site using obviously bogus IDs such as "Null" and "User" along with e-mail addresses such as "" If intruders found it so easy to penetrate and plunder Oracles Web servers, what does this mean for the security of any software companys intellectual assets that are stored for easy customer access on the Internet? Perhaps Oracle should strengthen the security measures protecting its Web servers to prevent future intrusions and thefts. The complaint charges that SAP carried out more than 10,000 downloads between September 2006 and January 2007. Oracle is claiming that the intruders even took Oracle support documents that werent available "even to licensed, authorized customers or through normal access to Oracles Customer Connection system." Its clear that rather than block the expired and bogus customer accounts from accessing the Web sites, Oracle chose to quietly monitor and trace the activity to investigate who was doing it and why. The results are this lawsuit. If the charges are proved to be accurate, SAP could find it is embroiled in perhaps the largest and worst intellectual property theft case in history of the computer industry. It is inexplicable why SAP, a proud and respected software producer, would ever allow any of its employees or subsidiaries to engage in massive and systematic theft of software and documentation. We must all reserve judgment until SAP has an opportunity to answer the charges and defend itself in court. Surely all companies in the software industry must respect the sanctity of each others intellectual property rights. Its unimaginable that any company would knowingly take the chance of putting such devastating legal weapons into the hands of a such a fierce competitor as Oracle. But if it is true that people within SAP engaged in these purported systematic thefts, then the case is no different from any of the most egregious examples of identity theft and criminal fraud that have rocked the computer industry in recent years. In that case SAP would deserve whatever it gets. John Pallatto is a veteran journalist in the field of enterprise software and Internet technology. He can be reached at Check out eWEEK.coms for the latest news, reviews and analysis about productivity and business solutions.

John Pallatto John Pallatto is's Managing Editor News/West Coast. He directs eWEEK's news coverage in Silicon Valley and throughout the West Coast region. He has more than 35 years of experience as a professional journalist, which began as a report with the Hartford Courant daily newspaper in Connecticut. He was also a member of the founding staff of PC Week in March 1984. Pallatto was PC Week's West Coast bureau chief, a senior editor at Ziff Davis' Internet Computing magazine and the West Coast bureau chief at Internet World magazine.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel