MySql.com Hacked With Sql Injection

← Back to Stories (view on slashdot.org)

MySql.com Hacked With Sql Injection

Posted by samzenpus on Sunday March 27, 2011 @09:36AM from the we-got-a-breach dept.

iceco2 writes "MySql.com and associated sites were hacked today. Among other items some simple passwords were recovered and private emails were revealed. Ironically the attack was performed using a blind sql injection attack."

4 of 288 comments (clear)

Min score:

Reason:

Sort:

Re:Another report by symbolset · 2011-03-27 09:49 · Score: 4, Informative

180 words, under 1 minute by the timestamp. It was actually under 30 seconds. Bot. A prepared response to any article containing "hacked" and "mysql"

--
Help stamp out iliturcy.
Yes it is by pavon · 2011-03-27 10:11 · Score: 4, Informative

Ironic is when one's words say one thing and one's actions another that contradict it.
No, that is hypocritical. Situational Irony is where the outcome is has a humorous incongruity or discrepancy from what one would expect, or from what would normally be implied by the situation. The fact that the company which produces and sells MySQL wasn't using SQL correctly is indeed ironic.
Re:Password hashing + salt? by BCoates · 2011-03-27 11:57 · Score: 3, Informative

The salt isn't a second secret, it's there to prevent the use of a pre-constructed rainbow table for the standard hash functions. Without a rainbow table, you can still do dictionary attacks of weak passwords--and there is no way to prevent this short of not using passwords for authentication. This only harms people who use guessable passwords and re-use passwords between sites.
Re:USE BIND VARIABLES by JustinRLynn · 2011-03-27 15:57 · Score: 4, Informative

You know, I could be a smart arse and say this rules out most people that choose to use PHP, but I think my karma would burn. Oh wait....