PeopleSoft: Difference between revisions
Line 128: | Line 128: | ||
According to the research<ref>{{cite web |title=Oracle PeopleSoft applications are under attacks |url=https://erpscan.com/wp-content/uploads/presentations/2015-Hack-In-Paris-Oracle-PeopleSoft-applications-are-under-attacks.pdf}}</ref> on public-facing Oracle PeopleSoft applications and their vulnerabilities, the systems available online are susceptible to the TokenChpoken attack. The main tactic used to perform such type of attack is bruteforcing that takes about a day to gain access to the system. When the key to Token is identified, it makes easy to login under any account and net all the data from the system. Although such issue arose back in 2015, the risk level doesn’t decrease nowadays. |
According to the research<ref>{{cite web |title=Oracle PeopleSoft applications are under attacks |url=https://erpscan.com/wp-content/uploads/presentations/2015-Hack-In-Paris-Oracle-PeopleSoft-applications-are-under-attacks.pdf}}</ref> on public-facing Oracle PeopleSoft applications and their vulnerabilities, the systems available online are susceptible to the TokenChpoken attack. The main tactic used to perform such type of attack is bruteforcing that takes about a day to gain access to the system. When the key to Token is identified, it makes easy to login under any account and net all the data from the system. Although such issue arose back in 2015, the risk level doesn’t decrease nowadays. |
||
News reports show that PeopleSoft breaches actually happen. Since 2010, several cases have been highlighted. |
News reports show that PeopleSoft breaches actually happen. Since 2010, several cases have been highlighted. For example, in March 2013, Salem State University in Massachusetts alerted 25 000 students and employees that their Social Security Numbers might have been compromised in a database breach.<ref>{{cite press release |url=https://erpscan.com/press-center/news/tokenchpoken-attack-on-oracle-peoplesoft-affecting-nearly-half-of-large-enterprises-and-government-organizations/ |title=TokenChpoken attack on Oracle PeopleSoft affecting nearly half of large enterprises and government organizations | |date=29 June 2015 |publisher=ERPScan}}</ref> |
||
All organizations that use PeopleSoft (including companies specialized in charity, food, manufacturing, retail, transport, etc.) stay vulnerable to TokenChpoken and other interventions if do not pay due attention to security.<ref>{{cite web| title= PeopleSoft vulnerabilities elevate ERP security issues | first=Michael| last=Mimoso| url=https://threatpost.com/peoplesoft-vulnerabilities-elevate-erp-security-issues/113061/| publisher=Threatpost|date=29 May 2015| accessdate=4 October 2017}}</ref> |
All organizations that use PeopleSoft (including companies specialized in charity, food, manufacturing, retail, transport, etc.) stay vulnerable to TokenChpoken and other interventions if do not pay due attention to security.<ref>{{cite web| title= PeopleSoft vulnerabilities elevate ERP security issues | first=Michael| last=Mimoso| url=https://threatpost.com/peoplesoft-vulnerabilities-elevate-erp-security-issues/113061/| publisher=Threatpost|date=29 May 2015| accessdate=4 October 2017}}</ref> |
Revision as of 10:57, 9 October 2017
Company type | Subsidiary |
---|---|
Founded | 1987 |
Successor | Oracle Corporation |
Headquarters | Pleasanton, California, United States |
Key people | David Duffield, Ken Morris |
Owner | Acquired in 2005 by Oracle |
Parent | Oracle Corporation |
PeopleSoft, Inc. was a company that provided human resource management systems (HRMS), Financial Management Solutions (FMS), supply chain management (SCM), customer relationship management (CRM), and enterprise performance management (EPM) software, as well as software for manufacturing, and student administration to large corporations, governments, and organizations. It existed as an independent corporation until its acquisition by Oracle Corporation in 2005. The PeopleSoft name and product line are now marketed by Oracle.
PeopleSoft Financial Management Solutions (FMS) and Supply Chain Management (SCM) are part of the same package, commonly known as Financials and Supply Chain Management (FSCM).
History
Founded in 1987 by Ken Morris and David Duffield, PeopleSoft was originally headquartered in Walnut Creek, California before moving to Pleasanton, California. Duffield envisioned a client–server version of Integral Systems' popular mainframe HRMS package. The company's sole venture backing came from IBM.[1] George J. Still, Jr. from Norwest Venture Partners joined the Board of Directors.[2]
PeopleSoft version 1, released in the late 1989,[3]: 18 was the first fully integrated, robust client–server HRMS application suite.[3]
PeopleSoft expanded its product range to include a financials module in 1992, distribution in 1994, and manufacturing in 1996 after the acquisition of Red Pepper.[3]
Product design
Application architecture
The original architecture for the PeopleSoft suite of products built on a client–server (two-tier) approach with a dedicated client.[3] With the release of version 8, the entire suite was rewritten as an n-tier web-centric design called PeopleSoft Internet Architecture (PIA).[3] The new format allowed all of a company's business functions to be accessed and run from within a web browser.[4]
Originally, a small number of security and system setup functions still needed to be performed on a fat-client machine; however, this is no longer[when?] the case.[clarification needed][citation needed]
The PeopleSoft application suite can function as an ERP system, similar to SAP, but can also be used for single modules - for example, Student Administration or HCM (Human Capital Management) alone.[citation needed]
Development platform
Implementation focuses on PeopleSoft's proprietary PeopleTools technology. PeopleTools includes many different components used to create web-based applications: a scripting language known as PeopleCode, design tools to define various types of metadata, standard security structure, batch-processing tools, and the ability to interface with a SQL database. The metadata describes data for user interfaces, tables, messages, security, navigation, portals, etc. This set of tools can make the PeopleSoft suite platform-independent.
Components
Before PIA version 8.0, Components were called Panel Groups.[5] Components of the system include:[6]
- Application Engine - a batch-processing facility[7]
- Database, including IBM DB2, IBM Informix, Microsoft SQL Server or other SQL implementations, and Sybase
- People Tools tables
- Query and reporting tools
JD Edwards
In 2003, PeopleSoft performed a friendly merger with smaller rival JD Edwards.[8] The latter's similar product line, World and OneWorld, targeted mid-sized companies too small to benefit from PeopleSoft's applications. JD Edwards' software used the Configurable Network Computing architecture, which shielded applications from both the operating system and the database back-end. PeopleSoft branded the OneWorld product PeopleSoft EnterpriseOne.[9]
Oracle Corporation acquisition
This section needs additional citations for verification. (June 2008) |
This section's factual accuracy may be compromised due to out-of-date information. (April 2009) |
Beginning in 2003, Oracle began to maneuver for control of the PeopleSoft company. In June 2003, Oracle made a $13 billion bid in a hostile corporate takeover attempt. In February 2004, Oracle decreased their bid to approximately $9.4 billion; this offer was also rejected by PeopleSoft's board of directors. Complicating Oracle's takeover attempt was PeopleSoft's poison pill, allowing their customers to potentially receive refunds of 2-5x the amount they had paid in the case of a takeover.[10]
Later that month, the U.S. Department of Justice filed suit to block Oracle, on the grounds that the acquisition would break anti-trust laws. In September 2004, the suit was rejected by a U.S. Federal judge, who found that the Justice Department had not proven its anti-trust case. In October, the same decision was handed down by the European Commission. Though Oracle had reduced its offer to $7.7 billion in May, it again raised its bid in November to $9.4 billion.
In December 2004, Oracle announced that it had signed a definitive merger agreement to acquire PeopleSoft for approximately $10.3 billion. A month after the acquisition of PeopleSoft, Oracle cut over half of PeopleSoft's workforce, laying off 6,000 of PeopleSoft's 11,000 employees.[11]
Oracle moved to capitalize on the perceived strong brand loyalty within the JD Edwards user community by rebranding former JD Edwards products. Thus PeopleSoft EnterpriseOne became JD Edwards EnterpriseOne and PeopleSoft World became JD Edwards World. [citation needed]
Oracle announced in 2005 that Fusion Applications would combine the best aspects of the PeopleSoft, JD Edwards, and Oracle Applications and merge them into a new product suite. [citation needed]
Oracle would later slow the release cadence for PeopleSoft applications, instead releasing "Feature Packs" to add functionality.[12][13]
PeopleSoft timeline
This section needs additional citations for verification. (October 2008) |
- 1987: PeopleSoft, Inc. founded by David Duffield and Ken Morris in Walnut Creek, CA, USA.
- 1988: PeopleSoft HRMS released.
- 1991: Begins opening international offices.
- 1994: Public distribution of Distribution and Financials modules.
- 1995: Launch of Student Administration System.
- 1995: Opened office in Mexico, first in Latin America.
- 1996: Releases Manufacturing and PeopleSoft 6, their first ERP package.
- 1997: PeopleSoft 7 is released within upgraded ERP modules.
- 1998: PeopleSoft 7.5 is released with improved client/server technology. Acquired Intrepid Systems.
- 1999: Craig Conway named new CEO; release products to enable Internet transactions.
- 2000: Acquired Vantive Corporation.
- 2000: Deliver PeopleSoft 8[14] with an in-house application service provider.
- 2003: Acquired JD Edwards[8]
- 2004: Dave Duffield returns as CEO, replacing Craig Conway.[15]
- 2005: Acquired by Oracle Corporation.
- 2006: PeopleSoft FSCM 9.0 is released. (September 2006)[16]
- 2006: PeopleSoft HCM 9.0 is released. (December 2006)
- 2009: PeopleSoft HCM 9.1 is released. (October 2009)
- 2009: PeopleSoft FSCM 9.1 is released. (November 2009)
- 2013: PeopleSoft 9.2 is released. (FSCM and HCM released simultaneously)[17]
Security
Despite being widespread and commonly applied, PeopleSoft systems are not perfect in terms of security. As a matter of fact, these applications are used in Fortune 500 companies and government organizations, and almost 50% of them are vulnerable and can be hacked via the internet.[18]
The risk factor lies in existing vulnerabilities of Oracle PeopleSoft systems that could be enabling data breaches at businesses, government organizations, and universities.[19] This aspect lacks concern and puts companies using PeopleSoft applications under threat of attacks.[20]
According to the research[21] on public-facing Oracle PeopleSoft applications and their vulnerabilities, the systems available online are susceptible to the TokenChpoken attack. The main tactic used to perform such type of attack is bruteforcing that takes about a day to gain access to the system. When the key to Token is identified, it makes easy to login under any account and net all the data from the system. Although such issue arose back in 2015, the risk level doesn’t decrease nowadays.
News reports show that PeopleSoft breaches actually happen. Since 2010, several cases have been highlighted. For example, in March 2013, Salem State University in Massachusetts alerted 25 000 students and employees that their Social Security Numbers might have been compromised in a database breach.[22]
All organizations that use PeopleSoft (including companies specialized in charity, food, manufacturing, retail, transport, etc.) stay vulnerable to TokenChpoken and other interventions if do not pay due attention to security.[23]
References
- ^ "PeopleSoft Inc.- Company Profile, Information, Business Description, History, Background Information on PeopleSoft Inc". Reference for Business. Advameg, Inc. Retrieved 3 September 2013.
- ^ "George J. Still, Jr.; Partner Emeritus". Norwest Venture Partners. Retrieved 3 September 2013.
- ^ a b c d e Anderson, Lynn (2001). Understanding PeopleSoft8. Sybex. pp. 18–22. ISBN 0-7821-2930-7.
- ^ Anderson, Lynn (2001). Understanding PeopleSoft8. Sybex. p. 58. ISBN 0-7821-2930-7.
- ^ "Peoplesoft Component". psoftsearch.com.
- ^ "Components of a PeopleSoft System". 20 January 2013.
- ^
Kurtz, David (2012). PeopleSoft for the Oracle DBA. Expert's voice in Oracle (2 ed.). Apress. p. 6. ISBN 9781430237075. Retrieved 21 June 2016.
Application Engine is PeopleSoft's proprietary batch-processing facility.
- ^ a b Kane, Margaret (2 June 2003). "PeopleSoft to buy J.D. Edwards". CNET. Retrieved 5 October 2010.
- ^ Hines, Matt (15 December 2003). "PeopleSoft integrates J.D. Edwards software". CNET. Retrieved 5 October 2010.
- ^ "Oracle chokes on PeopleSoft's poison pill". The Register. 11 November 2003.
- ^ "Oracle to PeopleSoft: The pink slip's in the mail". CNET. 14 January 2005. Retrieved 3 August 2012.
- ^ "Oracle Announces Oracle's PeopleSoft Financials and Supply Chain Management 9.1 Feature Pack" (Press release). Oracle. 11 April 2011.
- ^ "Oracle PeopleSoft Continuous Delivery Model" – via YouTube.
- ^ Tomei, Derek. "PeopleSoft 8". PeopleSoftCareer. Retrieved 1 October 2013.
- ^ Rohde, Laura (1 October 2004). "Update: PeopleSoft's CEO Conway gets the boot. Board of directors replaces Conway with PeopleSoft founder and chairman Dave Duffield". InfoWorld.
- ^ "Oracle Lifetime Support Policy" (PDF).
- ^ "Oracle Releases Oracle's PeopleSoft 9.2" (Press release). Oracle. 18 March 2013.
- ^ "TokenChpoken attack on Oracle PeopleSoft affecting nearly half of large enterprises and government organizations" (Press release). ERPScan. 29 June 2015.
{{cite press release}}
: Cite has empty unknown parameter:|1=
(help) - ^ Greenberg, Adam (6 July 2015). "Oracle PeopleSoft attack could enable big data breaches". CS Media. Retrieved 4 October 2017.
- ^ Pauli, Darren (28 May 2015). "Password reset sites expose crackable PeopleSoft creds". The Register. Retrieved 4 October 2017.
- ^ "Oracle PeopleSoft applications are under attacks" (PDF).
- ^ "TokenChpoken attack on Oracle PeopleSoft affecting nearly half of large enterprises and government organizations" (Press release). ERPScan. 29 June 2015.
{{cite press release}}
: Cite has empty unknown parameter:|1=
(help) - ^ Mimoso, Michael (29 May 2015). "PeopleSoft vulnerabilities elevate ERP security issues". Threatpost. Retrieved 4 October 2017.