MySql.com Hacked With Sql Injection 288
iceco2 writes "MySql.com and associated sites were hacked today. Among other items some simple passwords were recovered and private emails were revealed. Ironically the attack was performed using a blind sql injection attack."
Re:Another report (Score:4, Informative)
Yes it is (Score:5, Informative)
Ironic is when one's words say one thing and one's actions another that contradict it.
No, that is hypocritical. Situational Irony is where the outcome is has a humorous incongruity or discrepancy from what one would expect, or from what would normally be implied by the situation. The fact that the company which produces and sells MySQL wasn't using SQL correctly is indeed ironic.
Re:Password hashing + salt? (Score:4, Informative)
The salt isn't a second secret, it's there to prevent the use of a pre-constructed rainbow table for the standard hash functions. Without a rainbow table, you can still do dictionary attacks of weak passwords--and there is no way to prevent this short of not using passwords for authentication. This only harms people who use guessable passwords and re-use passwords between sites.
Re:USE BIND VARIABLES (Score:4, Informative)