Slashdot Mirror

← Back to Stories (view on slashdot.org)

MySql.com Hacked With Sql Injection

Posted by samzenpus on from the we-got-a-breach dept.

iceco2 writes "MySql.com and associated sites were hacked today. Among other items some simple passwords were recovered and private emails were revealed. Ironically the attack was performed using a blind sql injection attack."

5 of 288 comments (clear)

  1. Re:Another report by AsmCoder8088 · · Score: 3, Interesting

    Okayyyyyyyy... MS astroturfing, anyone?

  2. why is it ironic? by larry+bagina · · Score: 1, Interesting

    I would expect MySQL.com to be hacked with an SQL injection bug. They didn't support parameterized queries until version 5 or so and most mysql examples floating around on the 'net involve building your own query string from unchecked user parameters.

    --
    Do you even lift?

    These aren't the 'roids you're looking for.

    1. Re:why is it ironic? by Anonymous Coward · · Score: 2, Interesting

      Perhaps you need a little refresher on irony.

      Few but the most naive would expect the MySQL.com site to be written by nubies and rubes so unsophisticated as to depend on remedial examples of anything found "floating around the 'net". To the contrary, most people would expect MySQL.com to be maintained to somewhat high levels of security in particular at the level of the database. This is the construction of the irony in this case.

      "How ironic, now he's blind after a life of enjoying being able to see." -- Homer Simpson.

  3. USE BIND VARIABLES by MoNsTeR · · Score: 4, Interesting

    Jesus fuck, people. It's not rocket surgery.

    If you use bind variables, you CANNOT be SQL-injected.

    If you don't, you can be.

    It's that fucking simple. Do The Right Thing.

  4. Re:Another report by hairyfeet · · Score: 4, Interesting

    Which is why I have a question: WTF is up with the MS Shill brigade on /. lately? I've only noticed it for about the past three weeks or so, but damned the shit is getting thick. Look at the one that posted on the Nook hack, the very first post is "I Wish Microsoft would have released the Courier" complete with link for those that don't know what that bullshit vaporware was in the first place. I mean did they get a deal on that HB Gary software or what? And why are they so insecure? I mean sure WinPhone is dead last but Windows 7 is nice, and the X360 is doing well. So what is up with the rampant MSFT shilling? Do they fire your ass if you don't post X number of shill posts or something?

    As for TFA, garbage in, garbage out. I don't care if you code in VB 6 or Brainfuck if you write sloppy code it WILL come back to bite you in the ass. But trying to blame this on the language, to use a /. car analogy, would be like trying to blame Ford because someone got drunk and hit a kid with their Mustang. A tool is only as good as the person using it, full stop. I've seen clean code and lousy shit in just about every language. It ain't the tool that's the problem it is PEBKAC. But they should get extra points for the sheer irony factor. I mean a site promoting SQL falling for the oldest trick in the book? Bobby Drop Tables anyone?

    --
    ACs don't waste your time replying, your posts are never seen by me.