back to article MySQL.com breach leaves visitors exposed to malware

Hackers recently compromised the website hosting the open-source MySQL database management system and caused it to infect the PCs of visitors who used unpatched browsers and plug-ins, security researchers said. MySQL.com was infected with mwjs159, website malware that often spreads when compromised machines are used to access …

COMMENTS

This topic is closed for new posts.
  1. NoneSuch Silver badge
    Thumb Up

    I would still...

    ... prefer Open Source security over anything MS can come up with. Nothing is perfect and stuff happens with all OS's.

    1. vagabondo
      Facepalm

      but it looks like downloads.mysql.com is running on Solaris, which I believe is proprietor y

      .

      1. AdamWill

        more importantly...

        ...disregards the point that 90% of security is in the system design and user practices anyway, not what OS is running on the system. This was well-discussed when it came to the kernel.org hack. Ultimately most hacks trace back to a wetware bug somewhere: someone who's a trusted user on the system gets their personal system hacked or stolen.

        There's very little you can do about that, because as far the server is concerned, the hacker looks precisely like someone who absolutely should (indeed, must) have permission to do all the things they then go ahead and do. Doesn't really matter what software the server is running, if a privileged user's access credentials are compromised.

    2. Anonymous Coward
      Anonymous Coward

      I would prefer...

      ... something thats not been touched by Oracle... PostgreSQL anyone?

      1. AdamWill

        mysql is pretty entrenched in all sorts of things now, and it's not exactly a simple switch-flip to change to postgre. i expect most migrations would be to mariadb if anything.

  2. eulampios

    altera pars

    All seem to forget DigiNotar - a Microsoft-filled business that recently went bankrupt. It has been hacked for years producing hundreds of false SSL certificates.

  3. Anonymous Coward
    Anonymous Coward

    what is this i dont even

    >"website malware that often spreads when compromised machines are used to access restricted FTP clients"

    What is that gibberish supposed to mean?

  4. Arion

    One word; MariaDB.

  5. Jim Preis
    Trollface

    Equal rights for women - NOW!

    "...speculated the site was infected after a MySQL developer was compromised and had his password stolen."

    I am tired of women being speculatively overlooked for their contributions. Please change the pronoun to, "her".

    I got your back ladies!

    Jim

    (satire. save the slings and arrows for someone evil that is empowered to wreak havoc with their small mind. Mine is only used for entertainment purposes.)

  6. Joe Montana
    FAIL

    Developer hacked

    The article states that the breach most likely occurred due to an individual developer account being compromised, so it was not necessarily the security of MySQL or whatever software they happen to be running which is at fault...

    What was the developer running, and how did his credentials come to be stolen? Did he do something stupid like send them over an insecure channel, or was his workstation compromised?

  7. Kasper Loopstra

    Diginotar

    Admittedly, Diginotar was associated with Dutch Government IT. It didn't matter if they ran the most paranoid if systems, they were doomed from the moment the government contract was signed.

  8. Anonymous Coward
    Trollface

    Oracle really means business!

    Its good to see all the "positive" effects which the Oracle take over has on all the products formerly being managed by Sun. Things really start to look up now; very impressive achievements indeed.

    (yes this is a troll, I can't stand Oracle).

  9. KJB
    Mushroom

    Lowlife scum

    Is it just me that thinks this every single time I read about one of these skiddy hacks?

    <-- What I'd like to do to them...

    1. Anonymous Coward
      Anonymous Coward

      Blimey

      You want to blow someone up for posting a silly message on someone twitter?

      What are you going to do when you get a parking ticket? Self mutilation at least!

  10. DragonKin37
    Mushroom

    Ahh SQL

    Giving security admins migranes since 2003!

  11. Captain Scarlet

    Well

    If someone managed to get a backdoor in without it being noticed why modify the front page which would surely cause an audit of code anyway?

    For a backdoor however either closed or open source may be affected whether it was deliberatly put there or an error made by someone.

  12. Daniel B.
    Coat

    Bobby Tables

    I think I know who paid a visit to the MySQL site then...

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021