All the latest UK technology news, reviews and analysis

MySQL’s SQL injection attack highlights poor password management

by Phil Muncaster

29 Mar 2011

Be the first to comment

  • Tweet this

An attack on Oracle's MySQL B2C site at the weekend has exposed some dubious password management at the firm.

Hackers known as "TinKode" and "Ne0h" carried out the SQL injection attack - presumably aware of the irony of doing so - posting user names and password hashes from the site.

These included the passwords for the corporate blogs of former MySQL director of product management Robin Schumacher, and former vice president of community relations Kaj Arnö.

Chester Wiesniewski, senior security advisor at Sophos Canada, argued that the revealed passwords said a lot about the poor security practices used at the firm.

"Most embarrassingly, the director of product management's WordPress password was set to a four digit number ... his ATM PIN perhaps? Several accounts had passwords like ‘qa'," he said.

"The irony is that they weren't compromised by means of their ridiculously simple passwords, but rather flaws in the implementation of their site."

He recommended all firms audit their public-facing sites for SQL injections, and noted that this isn't the first time MySQL has been in trouble.

"It was noted on Twitter that mysql.com is also subject to a cross-site scripting vulnerability that was reported in January 2011 and has not been remedied," he added.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

Security padlock image

Mykonos looks to thwart hacker intelligence with Web Security Software

Related white papers

Related videos

Related articles

Related jobs

Today's top stories

Samsung Galaxy S III running Android Ice Cream Sandwich

Samsung Galaxy S3 launch fails to attract iPhone-like crowds

hurricane-irene

American Express predicts online hurricane to blow big business away

assange

Wikileaks founder Julian Assange loses extradition appeal hearing

Poll

Flame virus poll

Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?

31%

2%

14%

53%

Features

The V3 hotseat

The V3 Hot Seat: Imperva CTO and co-founder Amichai Shulman

Flame in monitor screen

Quick guide to Flame malware attack

cookies

Quick guide to cookie law compliance

cookie

ICO sends out mixed messages on cookie law

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Riso

Colour printing: why the bill keeps outstripping the budget

The wrong printers, for the wrong tasks on the wrong contracts

Qlikview

Magic quadrant for business intelligence platforms

Who leads the BI pack and who should we be watching out for?

Technology jobs

Functional Oracle Support Analyst

Functional Oracle Support Analyst - EBS Financials, Support...

Oracle E-Business Suite Technical Consultant

Oracle E-Business Suite Technical Consultant - EBS...

Oracle Applications DBA

Oracle Applications DBA - East London - All salaries...

Oracle Functional Consultants

Oracle Functional Consultants - Financial - Project Accounting...

To send to more than one email address, simply separate each address with a comma.