Slashdot Mirror


MySql.com Hacked With Sql Injection

iceco2 writes "MySql.com and associated sites were hacked today. Among other items some simple passwords were recovered and private emails were revealed. Ironically the attack was performed using a blind sql injection attack."

15 of 288 comments

  1. Incoming botswarm by symbolset · · Score: 5, Funny

    Microsoft web serving products? How dumb can a bot get? Turing fail.

    --
    Help stamp out iliturcy.
  2. Re:USE BIND VARIABLES by Anonymous Coward · · Score: 2, Funny

    I just use something : addslashes(addslashes(addslashes(addslashes($str)))) ;
    I like slashes ;-) ;

  3. Yo Dawg by mrstrano · · Score: 5, Funny

    I herd you like Sql, so we injected Sql in your Sql so you can have Sql while you code MySql

    1. Re:Yo Dawg by MarkRose · · Score: 5, Funny

      An SQL statement walks into a bar and sees two tables and says, "Hello, may I join you?"

      --
      Be relentless!
    2. Re:Yo Dawg by Sparks23 · · Score: 4, Funny

      Honestly, "YourSQL" seems more accurate than "MySQL" given that apparently even the developers can't keep control of their own database. ;P

      --
      --Rachel
    3. Re:Yo Dawg by MarkRose · · Score: 3, Funny

      Pardon the grammatical gaffe, but don't you mean YourSOL? :-)

      --
      Be relentless!
  4. Re:USE BIND VARIABLES by Dunbal · · Score: 4, Funny

    Jesus fuck, people. It's not rocket surgery.

    Apparently it's brain science.

    --
    Seven puppies were harmed during the making of this post.
  5. Re:That's Not Ironic by Anonymous Coward · · Score: 3, Funny

    You would expect a person correcting the summary's definition of irony to be aware that there are multiple definitions of irony. The grandparent was clearly ignorant of this fact, thus making the comment meta-ironic.

  6. Does xkcd explain it? by Anonymous Coward · · Score: 3, Funny
  7. Re:That's Not Ironic by LordLucless · · Score: 4, Funny

    Ironically, the OP correcting someone else for not using ironic correctly is both hypocritical and ironic.

    --
    Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
  8. Re:That's Not Ironic by MarkRose · · Score: 4, Funny

    Screwing up irony is the only thing that unleashes the linguists with such ferrousity.

    --
    Be relentless!
  9. Re:That's Not Ironic by MarkRose · · Score: 4, Funny

    Like Oracle not seeing it coming?

    --
    Be relentless!
  10. Re:What year is it? by Software+Geek · · Score: 3, Funny

    When interviewing people for QA positions, I routinely ask "Do you know what an SQL injection attack is?"
    I have never yet interviewed a candidate who answered yes.
    So, then I explain what an SQL injection attack is, and ask how they would test for vulnerability to one.
    Almost without exception, the answer is "I guess I would try entering some special characters and keywords into the GUI, and see what happens."

  11. Re:USE BIND VARIABLES by Anonymous Coward · · Score: 2, Funny

    addslashes() is unsafe. In PHP you want to be using the standard function "mysqlreallyescapethingsanddoitproperlythistime()". Don't go using "mysqlescapethingscorrectly()" by mistake, that one is completely insecure.

    (Seriously, why do people use PHP?)

  12. Re:That's Not Ironic by dr2chase · · Score: 4, Funny

    I think your pun detector is a little rusty.