Home arrow MySQL arrow MySQL and Oracle's Sun Fall to SQL Injection Attack

MySQL and Oracle's Sun Fall to SQL Injection Attack

Proving that no one is immune to security breaches, both MySQL.com and Oracle's Sun.com have fallen to SQL injection attacks. The attackers exposed all the databases on MySQL.com, and compromised two Sun subdomains.

By: Terri Wells
Rating: starstarstarstarstar / 4
April 05, 2011

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

Over the weekend, “TinKode and “NeOh,” two Romanian hackers, hit www.reman.sun.com and www.ibb.sun.com. They grabbed table names, column names and email addresses from one of the tables. So far, it's unclear whether the hackers also possess a list of usernames and passwords from the Sun.com site. They did obtain this information from MySQL.com, and posted it online.

According to Chester Wisniewski, a Sophos senior security advisor, the way the open source software was coded led to the vulnerability. “Auditing your Websites for SQL injection is an essential practice, as well as using secure passwords," he wrote on the Naked Security blog.

Specifically, both the MySQL.com and Sun.com sites have cross-site-scripting vulnerabilities, some of which came to light as recently as January. The particular attack used by the hackers allowed them to get at little bits of information at a time and put the information together. This is why hiding SQL errors from an attacker is not good enough if you're trying to secure your website.

For more on this, check http://www.eweek.com/c/a/Security/Oracles-Suncom-Hit-Along-with-MySQLCom-in-SQL-Injection-Attack-727118/


 
 
>>> More MySQL Articles          >>> More By Terri Wells
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

MYSQL ARTICLES

- Oracle Unveils MySQL 5.6
- MySQL Vulnerabilities Threaten Databases
- MySQL Cloud Options Expand with Google Cloud...
- MySQL 5.6 Prepped to Handle Demanding Web Use
- ScaleBase Service Virtualizes MySQL Databases
- Oracle Unveils MySQL Conversion Tools
- Akiban Opens Database Software for MySQL Use...
- Oracle Fixes MySQL Bug
- MySQL Databases Vulnerable to Password Hack
- MySQL: Overview of the ALTER TABLE Statement
- MySQL: How to Use the GRANT Statement
- MySQL: Creating, Listing, and Removing Datab...
- MySQL: Create, Show, and Describe Database T...
- MySQL Data and Table Types
- McAfee Releases Audit Plugin for MySQL Users

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: