MySql.com Hacked With Sql Injection

iceco2 writes "MySql.com and associated sites were hacked today. Among other items some simple passwords were recovered and private emails were revealed. Ironically the attack was performed using a blind sql injection attack."

Re:Another report

[symbolset]

180 words, under 1 minute by the timestamp. It was actually under 30 seconds. Bot. A prepared response to any article containing "hacked" and "mysql"

Yes it is

[pavon]

Ironic is when one's words say one thing and one's actions another that contradict it.

No, that is hypocritical. Situational Irony is where the outcome is has a humorous incongruity or discrepancy from what one would expect, or from what would normally be implied by the situation. The fact that the company which produces and sells MySQL wasn't using SQL correctly is indeed ironic.

Re:Password hashing + salt?

[BCoates]

The salt isn't a second secret, it's there to prevent the use of a pre-constructed rainbow table for the standard hash functions. Without a rainbow table, you can still do dictionary attacks of weak passwords--and there is no way to prevent this short of not using passwords for authentication. This only harms people who use guessable passwords and re-use passwords between sites.

Re:USE BIND VARIABLES

[JustinRLynn]

You know, I could be a smart arse and say this rules out most people that choose to use PHP, but I think my karma would burn. Oh wait....