Hackers recently compromised the website hosting the open-source MySQL database management system and caused it to infect the PCs of visitors who used unpatched browsers and plug-ins, security researchers said. MySQL.com was infected with mwjs159, website malware that often spreads when compromised machines are used to access …
I would still...
... prefer Open Source security over anything MS can come up with. Nothing is perfect and stuff happens with all OS's.
but it looks like downloads.mysql.com is running on Solaris, which I believe is proprietary
...disregards the point that 90% of security is in the system design and user practices anyway, not what OS is running on the system. This was well-discussed when it came to the kernel.org hack. Ultimately most hacks trace back to a wetware bug somewhere: someone who's a trusted user on the system gets their personal system hacked or stolen.
There's very little you can do about that, because as far as the server is concerned, the hacker looks precisely like someone who absolutely should (indeed, must) have permission to do all the things they then go ahead and do. Doesn't really matter what software the server is running, if a privileged user's access credentials are compromised.
I would prefer...
... something that's not been touched by Oracle... PostgreSQL anyone?
mysql is pretty entrenched in all sorts of things now, and it's not exactly a simple switch-flip to change to postgre. i expect most migrations would be to mariadb if anything.
All seem to forget DigiNotar - a Microsoft-filled business that recently went bankrupt. It has been hacked for years producing hundreds of false SSL certificates.
One word; MariaDB.
what is this i dont even
>"website malware that often spreads when compromised machines are used to access restricted FTP clients"
What is that gibberish supposed to mean?
Equal rights for women - NOW!
"...speculated the site was infected after a MySQL developer was compromised and had his password stolen."
I am tired of women being speculatively overlooked for their contributions. Please change the pronoun to, "her".
I got your back ladies!
(satire. save the slings and arrows for someone evil that is empowered to wreak havoc with their small mind. Mine is only used for entertainment purposes.)
The article states that the breach most likely occurred due to an individual developer account being compromised, so it was not necessarily the security of MySQL or whatever software they happen to be running which is at fault...
What was the developer running, and how did his credentials come to be stolen? Did he do something stupid like send them over an insecure channel, or was his workstation compromised?
Admittedly, Diginotar was associated with Dutch Government IT. It didn't matter if they ran the most paranoid of systems, they were doomed from the moment the government contract was signed.
Is it just me that thinks this every single time I read about one of these skiddy hacks?
<-- What I'd like to do to them...
You want to blow someone up for posting a silly message on someone's Twitter?
What are you going to do when you get a parking ticket? Self mutilation at least!
Oracle really means business!
It's good to see all the "positive" effects which the Oracle takeover has on all the products formerly being managed by Sun. Things really start to look up now; very impressive achievements indeed.
(yes this is a troll, I can't stand Oracle).
Giving security admins migraines since 2003!
If someone managed to get a backdoor in without it being noticed why modify the front page which would surely cause an audit of code anyway?
For a backdoor however either closed or open source may be affected whether it was deliberately put there or an error made by someone.
I think I know who paid a visit to the MySQL site then...