Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Oracle Sun Microsystems

MySql.com Hacked With Sql Injection 288

Posted by samzenpus from the we-got-a-breach dept.
iceco2 writes "MySql.com and associated sites were hacked today. Among other items some simple passwords were recovered and private emails were revealed. Ironically the attack was performed using a blind sql injection attack."
This discussion has been archived. No new comments can be posted.

MySql.com Hacked With Sql Injection More

MySql.com Hacked With Sql Injection

Comments Filter:

  • Re:Another report (Score:3, Interesting)

    by AsmCoder8088 ( 745645 ) on Sunday March 27, 2011 @05:41PM (#35632604)
    Okayyyyyyyy... MS astroturfing, anyone?

  • why is it ironic? (Score:1, Interesting)

    by larry bagina ( 561269 ) on Sunday March 27, 2011 @05:45PM (#35632624) Journal
    I would expect MySQL.com to be hacked with an SQL injection bug. They didn't support parameterized queries until version 5 or so and most mysql examples floating around on the 'net involve building your own query string from unchecked user parameters.

  • USE BIND VARIABLES (Score:5, Interesting)

    by MoNsTeR ( 4403 ) on Sunday March 27, 2011 @05:47PM (#35632638)

    Jesus fuck, people. It's not rocket surgery.

    If you use bind variables, you CANNOT be SQL-injected.

    If you don't, you can be.

    It's that fucking simple. Do The Right Thing.

  • Re:why is it ironic? (Score:2, Interesting)

    by Anonymous Coward on Sunday March 27, 2011 @06:09PM (#35632802)

    Perhaps you need a little refresher on irony.

    Few but the most naive would expect the MySQL.com site to be written by nubies and rubes so unsophisticated as to depend on remedial examples of anything found "floating around the 'net". To the contrary, most people would expect MySQL.com to be maintained to somewhat high levels of security in particular at the level of the database. This is the construction of the irony in this case.

    "How ironic, now he's blind after a life of enjoying being able to see." -- Homer Simpson.

  • Re:Another report (Score:5, Interesting)

    by hairyfeet ( 841228 ) <bassbeast1968@@@gmail...com> on Sunday March 27, 2011 @08:32PM (#35633904) Journal

    Which is why I have a question: WTF is up with the MS Shill brigade on /. lately? I've only noticed it for about the past three weeks or so, but damned the shit is getting thick. Look at the one that posted on the Nook hack, the very first post is "I Wish Microsoft would have released the Courier" complete with link for those that don't know what that bullshit vaporware was in the first place. I mean did they get a deal on that HB Gary software or what? And why are they so insecure? I mean sure WinPhone is dead last but Windows 7 is nice, and the X360 is doing well. So what is up with the rampant MSFT shilling? Do they fire your ass if you don't post X number of shill posts or something?

    As for TFA, garbage in, garbage out. I don't care if you code in VB 6 or Brainfuck if you write sloppy code it WILL come back to bite you in the ass. But trying to blame this on the language, to use a /. car analogy, would be like trying to blame Ford because someone got drunk and hit a kid with their Mustang. A tool is only as good as the person using it, full stop. I've seen clean code and lousy shit in just about every language. It ain't the tool that's the problem it is PEBKAC. But they should get extra points for the sheer irony factor. I mean a site promoting SQL falling for the oldest trick in the book? Bobby Drop Tables anyone?

Slashdot Top Deals

Basic unit of Laryngitis = The Hoarsepower

Close