MySql.com Hacked With Sql Injection
iceco2 writes "MySql.com and associated sites were hacked today. Among other items, some simple passwords were recovered and private emails were revealed. Ironically, the attack was performed using a blind SQL injection attack."
Incoming botswarm (Score:5, Funny)
Re:USE BIND VARIABLES (Score:2, Funny)
I like slashes
Yo Dawg (Score:5, Funny)
I herd you like Sql, so we injected Sql in your Sql so you can have Sql while you code MySql
Re:USE BIND VARIABLES (Score:5, Funny)
Jesus fuck, people. It's not rocket surgery.
Apparently it's brain science.
Re:That's Not Ironic (Score:3, Funny)
You would expect a person correcting the summary's definition of irony to be aware that there are multiple definitions of irony. The grandparent was clearly ignorant of this fact, thus making the comment meta-ironic.
Does xkcd explain it? (Score:3, Funny)
Like this [xkcd.com]?
Re:Yo Dawg (Score:5, Funny)
An SQL statement walks into a bar and sees two tables and says, "Hello, may I join you?"
Re:That's Not Ironic (Score:5, Funny)
Ironically, the OP correcting someone else for not using ironic correctly is both hypocritical and ironic.
Re:That's Not Ironic (Score:5, Funny)
Screwing up irony is the only thing that unleashes the linguists with such ferrousity.
Re:That's Not Ironic (Score:5, Funny)
Like Oracle not seeing it coming?
Re:Yo Dawg (Score:5, Funny)
Honestly, "YourSQL" seems more accurate than "MySQL" given that apparently even the developers can't keep control of their own database. ;P
Re:What year is it? (Score:4, Funny)
When interviewing people for QA positions, I routinely ask "Do you know what an SQL injection attack is?"
I have never yet interviewed a candidate who answered yes.
So, then I explain what an SQL injection attack is, and ask how they would test for vulnerability to one.
Almost without exception, the answer is "I guess I would try entering some special characters and keywords into the GUI, and see what happens."
Re:USE BIND VARIABLES (Score:2, Funny)
addslashes() is unsafe. In PHP you want to be using the standard function "mysqlreallyescapethingsanddoitproperlythistime()". Don't go using "mysqlescapethingscorrectly()" by mistake, that one is completely insecure.
(Seriously, why do people use PHP?)
Re:That's Not Ironic (Score:5, Funny)
Re:Yo Dawg (Score:4, Funny)