The Consensus Opinion on Oracle: Slightly Bullish

Oracle (Nasdaq: ORCL) has a market cap of $170 billion and more than 370,000 customers in more than 145 countries. It will surprise exactly no one that the company attracts a lot of institutional and retail investor interest. What did surprise me, though, was that last year, it was the No. 13 most-owned stock by investment clubs, as measured by the folks at Better Investing. If retail investors were high on the stock, it got me to thinking: What's the consensus sentiment view on Oracle?

Turns out the view is slightly bullish. Let's have a look at a few of the key sentiment drivers.

1. Analyst opinion
Analysts love Oracle. Data from Capital IQ captures their collective feeling: Thirty-two analysts have either a "buy" or an "outperform" rating on the stock -- by far the majority sentiment. With nine neutral "holds" and a lone "sell," we'll classify analyst sentiment as bullish.

2. Insider buying
Next we'll look at insider buying and selling. Here, the picture isn't as rosy. Over the past year, Oracle insiders have sold $1.9 billion (that's billion, with a b) worth of their company stock. During the same time period, insiders bought $81,000 worth of the stock. (Data from Form4Oracle.)

Even though $1.89 billion of net insider selling is but a small sliver of Oracle's $171 billion market cap, and although insiders sell stock for a whole host of reasons -- to pay for a house or tuition, to diversify assets, and so forth -- it'd sure be nice to see less insider selling. It'd also be nice to see it balanced out by more insider buying. For purposes of this exercise, we'll classify insider buying/selling as bearish.

3. Guru buying
Next, we'll look at "guru" ownership of the stock, according to GuruFocus.

In the quarter ended Dec. 31, two investing gurus were buying Oracle shares: George Soros and Chris Davis. However, four gurus were reducing or eliminating their Oracle stakes in the quarter, among them John Hussman and Ruane Cunniff. In the previous quarter, six gurus were trading Oracle: three buyers, three sellers.

It's close, but the consensus action has been "sell," so we'll classify guru buying sentiment as bearish.

4. Retail-investor community sentiment
For retail-investor community sentiment, I turn to Motley Fool CAPS, our proprietary stock-rating system. CAPS generates ratings on a one- to five-star scale, with five stars as the highest ranking, an indication that the Fool community believes in a stock's future. That's mostly the case for Oracle: The stock has a four-star rating.

5. Short-sellers
Next we'll look at whether short-sellers are circling the stock. There are 25 million Oracle shares sold short, according to Capital IQ. As a percentage of shares outstanding, that's a short interest of 0.5%. That's not at all high, and so for determining sentiment, we'll classify the low short interest as bullish.

6. Does Buffett own it?
This is the "cherry on top" test, and in this case, it's a no: Berkshire Hathaway does not own shares of Oracle. That's no surprise, though, given Warren Buffett's famous aversion to technology stocks.

Adding it up
The consensus opinion on Oracle is "slightly bullish." Analysts love the stock, and the CAPS community believes in it. In another bullish sign, short sellers are staying away. But insiders have been selling in huge quantities, and gurus have been selling more than they've been buying. Berkshire's not a holder, either.

Of course, you can't base an investment philosophy on who likes or dislikes the stock you own, and even a consensus bullish opinion can sometimes be a scary thing. Quoting Buffett: "A simple rule dictates my buying: Be fearful when others are greedy, and be greedy when others are fearful."

The purpose of this series of articles isn't to make a definitive buy-or-sell call on Oracle. Rather, by looking at a stock's sentiment, the goal is to help you place your own opinion of it in a broader context.

Source: By Brian Richards @ www.fool.com

Read more ...

HP or Oracle announces intention to acquire Brocade by Dec. 7?

The latest tech company to hit the M&A rumor mill is Brocade (BRCD), a manufacturer of data center equipment ranging from blade server modules to storage-area networking gear. Reports in the financial press say that the company has put itself up for sale, and prospective buyers include tech heavyweights Hewlett-Packard (HPQ) and Oracle (ORCL). However, the Wall Street Journal, citing "people familiar with the matter," said that "no deal is imminent."

Oracle has been on an acquisition spree recently, with deals involving Sun and HyperRoll. HP's acquisitions include EDS and Colubris.

Prediction: By December 7, 2009, either HP or Oracle announces its intention to acquire Brocade Communications Systems. The deal does not need to be accepted, approved, or closed by this date, but one of the companies involved must make an announcement or have the news confirmed in a major financial or technology news publication by Monday, December 7, 2009.

Source: http://www.thestandard.com

Read more ...

Oracle Fixes Highly Exploitable Flaws

While Oracle's latest quarterly critical patch may fix fewer flaws than previous quarterly patches, today's release is notable for the number of flaws that can be exploited without credentials, according to Amichai Shulman, CTO of Imperva and a former member of the security center of the Israeli Defense Forces (IDF).

Two vulnerabilities rated a 10 on the CVSS scale, on which 10 is the highest possible risk, because they allowed an attack on the system without authentication. Being able to exploit a flaw without valid database credentials make these flaws extremely important. Those critical vulnerabilities are in the BEA JRockit application and in Oracle Secure Backup.

BEA JRockit is Oracle's Java technology, and the critical vulnerabilities affect the latest versions of the software, R27.6.3 and earlier (JDK/JRE 6, 5, 1.4.2). A user can exploit them to do damage without having the necessary credentials.

Oracle also issued patches for the following other BEA products: Oracle Complex Event Processing and Oracle WebLogic Server.

Oracle also issued two fixes for flaws in Oracle Secure Backup, one of which is a critical flaw rated a 10 on the CVSS. A user can exploit it to do damage without having the necessary credentials. The other is rated 9 because although it also allows a complete takeover of a PC, it requires valid credentials.

Oracle's most popular software, Oracle Database, received 10 fixes today. Some of the patches applied to the new 11g product. Oracle said that three of those fixes rate and can be exploited without a user name and password and one rates a 9 on the CVSS on Windows (but a 6.5 if Oracle is running on Unix or Linux). This flaw enables the complete takedown of a database on Windows and partial takedown on Unix or Linux.

Shulman said that the flaw was likely related to networking components, such as the Oracle Listener component, rather than to the core of the database itself. In April, Cisco released a proof of concept attack on the Oracle Database Listener designed to work on Windows because it attacked a specific DLL (define) file. The flaw that Cisco demonstrated has been fixed.
Lower rated fixes still pose risks

The two fixes issued to Oracle Application Server were rated a 5 out of 10, but both could be exploited without user credentials. Of eight new fixes to Oracle Applications Suite, five could be exploited without user credentials, but none were rated higher than 6. Two new fixes for Oracle Enterprise Manager Suite were not rated higher than 5.5 and were not exploitable without credentials.

Of three new patches for the PeopleSoft and JDEdwards Suite, one fixed a flaw that could be exploited without user credentials, but none was rated higher than 5.5.

One fix was issued for the Oracle Siebel Suite and although it could be exploited without user credentials, it was rated only 3.

But Shulman said that the low CVSS scores may understate the risk. "Using very simple tools like a text editor and a Telnet program (define), available on every PC, I can bring down a production database server," he said. "Oracle follows the CVSS scoring standard and these flaws score relatively low but in reality that's a pretty big security risk," he said.

Author: Alex Goldman @ www.internetnews.com

Read more ...