
lol programming fail. mysql hacked via sql injection

I get why these kinds of stories are funny, and get so much attention, but really... I don't get it 🙂. So it's Mysql.com. They hire programmers like everyone else, and those programmers make mistakes. The real story is that _any_ major website is still vulnerable to injection attacks.
 
I don't get why people laugh at others' misfortune but I can appreciate a snicker here. I mean it's mysql.com. And really if you're going to be a shining beacon of authority on a topic you really should be taking as many measures as you can to make sure you're not exposed to attacks like this.

Just my 2cents.
 
I get why these kinds of stories are funny, and get so much attention, but really... I don't get it 🙂. So it's Mysql.com. They hire programmers like everyone else, and those programmers make mistakes. The real story is that _any_ major website is still vulnerable to injection attacks.

When your own software is used against you to compromise your security in a common way, it's a LOL because, well, there are tons of articles on there about the dangers of not sanitizing db inputs, etc.

jasoncoder: exactly, it sucks. I have an account there and have to wonder who has that email address in their db of targets now. But I snicker because of what I posted above in response to markbnj.

Just as funny if, say, Cisco got compromised because they forgot to change the default password or something else of that ilk.

It's not haha funny (well, maybe a little), but it's cringe funny.
 
I get why these kinds of stories are funny, and get so much attention, but really... I don't get it 🙂. So it's Mysql.com. They hire programmers like everyone else, and those programmers make mistakes. The real story is that _any_ major website is still vulnerable to injection attacks.

I dunno, I think the fact that it was MySQL's main site makes it more significant. When you make a DB that is the main part of a software stack that is heavily used around the world, you sorta have to set the example of the proper way to implement it.

I know I know, the db ITSELF is not responsible for the attack, it's the transition from the app to the db context that is the weakness. But any respectable vendor has some sort of use guidelines. If you go to MSDN and look at the SQL Server "best practices" they show examples of how to use their database with various front ends and avoid sql injection.
 
I know I know, the db ITSELF is not responsible for the attack, it's the transition from the app to the db context that is the weakness.

I guess that's the main reason I reacted the way I did. It's not like there was a flaw in the database. The mistake was likely made by one of their web developers.
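The "transition from the app to the db context" the posts above keep coming back to is the whole vulnerability: the web code assembles the query text from user input, so the database parses attacker-controlled bytes as SQL. The snippet below is an added illustration, not code from the thread or from mysql.com, and it uses an in-memory SQLite table as a constructed stand-in for the MySQL backend (the driver API is the same shape for MySQL connectors). It puts the string-concatenation form beside the parameterized form and shows that even a perfectly legitimate username containing an apostrophe breaks the first one, which is exactly the symptom that tells a reviewer data is reaching the SQL parser as code.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data; SQLite stands in for the MySQL backend.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.invalid"), ("o'brien", "ob@example.invalid")],
    )
    return conn


def lookup_concatenated(conn: sqlite3.Connection, username: str) -> list:
    # The 'before' pattern: user text is pasted straight into the SQL string,
    # so any quote character in it is parsed as SQL syntax, not as data.
    sql = "SELECT email FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    # The hardened form: the value travels separately from the query text,
    # so it can never change the structure of the statement the DB runs.
    sql = "SELECT email FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def demo() -> dict:
    # Run both forms over a plain name and over a name containing a quote.
    conn = make_db()
    results = {
        "safe_plain": lookup_parameterized(conn, "alice"),
        "safe_quote": lookup_parameterized(conn, "o'brien"),
        "concat_plain": lookup_concatenated(conn, "alice"),
    }
    try:
        results["concat_quote"] = lookup_concatenated(conn, "o'brien")
    except sqlite3.OperationalError as exc:
        # The apostrophe terminated the string literal early and the rest of
        # the name was parsed as SQL: the input reached the parser as code.
        results["concat_quote"] = "syntax error: " + str(exc)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The failure on `o'brien` is the cheap detection signal: if a legitimate apostrophe produces a database syntax error in your logs, the same code path will accept any other SQL an attacker chooses to place there. The parameterized version returns the right row for both names because the driver never lets the value alter the statement.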
 
2011 / SQL Injection / lol

This once again proves that most programmers should not be allowed to code at all.
 
Zargon said:
When your own software is used against you to compromise your security in a common way, it's a LOL because, well, there are tons of articles on there about the dangers of not sanitizing db inputs, etc.

The web interface accepting and executing the queries isn't the same as the backend DB software so I don't see the correlation.

Zargon said:
just as funny if say, cisco got compromised because they forgot to change the default password or something else of that ilk.

No, this is more like Cisco getting compromised by a JSP exploit.
 
I dunno, I think the fact that it was MySQL's main site makes it more significant. When you make a DB that is the main part of a software stack that is heavily used around the world, you sorta have to set the example of the proper way to implement it.

I know I know, the db ITSELF is not responsible for the attack, it's the transition from the app to the db context that is the weakness. But any respectable vendor has some sort of use guidelines. If you go to MSDN and look at the SQL Server "best practices" they show examples of how to use their database with various front ends and avoid sql injection.

this.

I know it's their interaction with the DB and not the DB itself, but they should be a beacon of best practices in using and interacting with it.
 