MySQL.com breach leaves visitors exposed to malware

Hackers recently compromised the website hosting the open-source MySQL database management system and caused it to infect the PCs of visitors who used unpatched browsers and plug-ins, security researchers said. MySQL.com was infected with mwjs159, website malware that often spreads when compromised machines are used to access …

COMMENTS

This topic is closed for new posts.
Silver badge
Thumb Up

I would still...

... prefer Open Source security over anything MS can come up with. Nothing is perfect and stuff happens with all OS's.

7
3
Bronze badge
Facepalm

but it looks like downloads.mysql.com is running on Solaris, which I believe is proprietary.

1
0

more importantly...

...disregards the point that 90% of security is in the system design and user practices anyway, not what OS is running on the system. This was well-discussed when it came to the kernel.org hack. Ultimately most hacks trace back to a wetware bug somewhere: someone who's a trusted user on the system gets their personal system hacked or stolen.

There's very little you can do about that, because as far as the server is concerned, the hacker looks precisely like someone who absolutely should (indeed, must) have permission to do all the things they then go ahead and do. Doesn't really matter what software the server is running, if a privileged user's access credentials are compromised.

1
0
Anonymous Coward

I would prefer...

... something that's not been touched by Oracle... PostgreSQL anyone?

3
0

mysql is pretty entrenched in all sorts of things now, and it's not exactly a simple switch-flip to change to postgre. i expect most migrations would be to mariadb if anything.

0
0
Bronze badge

altera pars

All seem to forget DigiNotar - a Microsoft-filled business that recently went bankrupt. It has been hacked for years producing hundreds of false SSL certificates.

0
0

One word; MariaDB.

0
2
Anonymous Coward

what is this i dont even

>"website malware that often spreads when compromised machines are used to access restricted FTP clients"

What is that gibberish supposed to mean?

0
0
Trollface

Equal rights for women - NOW!

"...speculated the site was infected after a MySQL developer was compromised and had his password stolen."

I am tired of women being speculatively overlooked for their contributions. Please change the pronoun to, "her".

I got your back ladies!

Jim

(satire. save the slings and arrows for someone evil that is empowered to wreak havoc with their small mind. Mine is only used for entertainment purposes.)

1
0
FAIL

Developer hacked

The article states that the breach most likely occurred due to an individual developer account being compromised, so it was not necessarily the security of MySQL or whatever software they happen to be running which is at fault...

What was the developer running, and how did his credentials come to be stolen? Did he do something stupid like send them over an insecure channel, or was his workstation compromised?

0
0

Diginotar

Admittedly, Diginotar was associated with Dutch Government IT. It didn't matter if they ran the most paranoid of systems, they were doomed from the moment the government contract was signed.

0
0
KJB
Mushroom

Lowlife scum

Is it just me that thinks this every single time I read about one of these skiddy hacks?

<-- What I'd like to do to them...

0
0
Anonymous Coward

Blimey

You want to blow someone up for posting a silly message on someone's Twitter?

What are you going to do when you get a parking ticket? Self mutilation at least!

1
0
Silver badge
Trollface

Oracle really means business!

It's good to see all the "positive" effects which the Oracle takeover has on all the products formerly being managed by Sun. Things really start to look up now; very impressive achievements indeed.

(yes this is a troll, I can't stand Oracle).

0
0
Mushroom

Ahh SQL

Giving security admins migraines since 2003!

0
0
Bronze badge

Well

If someone managed to get a backdoor in without it being noticed why modify the front page which would surely cause an audit of code anyway?

For a backdoor however either closed or open source may be affected whether it was deliberately put there or an error made by someone.

0
0
Silver badge
Coat

Bobby Tables

I think I know who paid a visit to the MySQL site then...

0
0