Another One Falls - Mysql.com Compromised! - Webmasters

Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / New
Stats: 3,182,999 members, 7,919,184 topics. Date: Monday, 12 August 2024 at 11:31 PM

Another One Falls - Mysql.com Compromised! - Webmasters - Nairaland

Nairaland Forum / Science/Technology / Webmasters / Another One Falls - Mysql.com Compromised! (578 Views)

Twitter Hacked: 250,000 Accounts Believed Compromised / How Google, PayPal, Microsoft, Ebay Pakistan Were Hacked/compromised / Economic And Financial Crimes Commission (efcc) Website Compromised (2) (3) (4)

(1) (Reply) (Go Down)

Another One Falls - Mysql.com Compromised! by dubainaija: 6:07am On Mar 28, 2011

Source: http://blog.sucuri.net/2011/03/mysql-com-compromised.html

MySQL.com (the official site for the MySQL database) was compromised via (shocking!) blind SQL injection. A post was sent today to the full disclosure list explaining the issue and dumping part of their internal database structure.

Vulnerable Target : http://mysql.com/customers/view/index.html?id=1170
Host IP : 213.136.52.29
Web Server : Apache/2.2.15 (Fedora)
Powered-by : PHP/5.2.13
Injection Type : MySQL Blind
Current DB : web

It seems their customer view application was used as the entry point. This is where the attackers were able to list the internal databases, tables and password dump. If you have an account on MySQL.com, we recommend changing your passwords ASAP (especially if you like to reuse them across multiple sites).

What is worse is that they also posted the password dump online and some people started to crack it already. Some of the findings are pretty bad, like the password used by MySQL’s Director of Product Management, it is only 4 numbers long. Multiple admin passwords for blogs.mysql.com were also posted.

The folks at MySQL have yet to say anything about this attack, but we will post more details as we learn more about it.

Re: Another One Falls - Mysql.com Compromised! by instinctg(m): 10:18am On Mar 28, 2011

will snoop around for more info, but its a fact that there is no unbreakable system. note that all some people think about is destruction!
one just needs to follow best security practices and hope 4divine protection, since u never can tell where a leak would occur from. it could be as simple as just avoiding a line of form validation to cross-site scripting and other loopholes these hawks tend to act upon.

Re: Another One Falls - Mysql.com Compromised! by Slyr0x: 8:46pm On Mar 28, 2011

https://www.nairaland.com/nigeria/topic-632772.0.html

Re: Another One Falls - Mysql.com Compromised! by Nobody: 7:51am On Apr 03, 2011

it never ceases to amaze me ooo, and at times we blame most naija banks.
when even the database providers, Sun Microsystems can even come up with a secure website.

Like i always say, apart from following best practices, be there to give your website live support.

(1) (Reply)

Freelance Advert Executive / Justed Started A New Project - Track The Development Process / Bed Liner

(Go Up)

Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health
religion celebs tv-movies music-radio literature webmasters programming techmarket

Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10)

Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 8
Disclaimer: Every Nairaland member is solely responsible for anything that he/she posts or uploads on Nairaland.