MySQL.com breach leaves visitors exposed to malware Hackers recently compromised the website hosting the open-source MySQL database management system and caused it to infect the PCs of visitors who used unpatched browsers and plug-ins, security researchers said. MySQL.com was infected with mwjs159, website malware that often spreads when compromised machines are used to access …
...disregards the point that 90% of security is in the system design and user practices anyway, not what OS is running on the system. This was well-discussed when it came to the kernel.org hack. Ultimately most hacks trace back to a wetware bug somewhere: someone who's a trusted user on the system gets their personal system hacked or stolen.
There's very little you can do about that, because as far the server is concerned, the hacker looks precisely like someone who absolutely should (indeed, must) have permission to do all the things they then go ahead and do. Doesn't really matter what software the server is running, if a privileged user's access credentials are compromised.
"...speculated the site was infected after a MySQL developer was compromised and had his password stolen."
I am tired of women being speculatively overlooked for their contributions. Please change the pronoun to, "her".
I got your back ladies!
Jim
(satire. save the slings and arrows for someone evil that is empowered to wreak havoc with their small mind. Mine is only used for entertainment purposes.)
The article states that the breach most likely occurred due to an individual developer account being compromised, so it was not necessarily the security of MySQL or whatever software they happen to be running which is at fault...
What was the developer running, and how did his credentials come to be stolen? Did he do something stupid like send them over an insecure channel, or was his workstation compromised?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
