Re: FW: [USN-1017-1] MySQL vulnerabilities

2010-11-16 Thread Jan Steinman
r 2010 13:22:02 PST > To: > Subject: RE: FW: [USN-1017-1] MySQL vulnerabilities > > > I don't think you understand how many exploits work. Through some social > engineering or plain brute force or rainbow tables I can get the user/pass > for many typical users. I could a

Re: FW: [USN-1017-1] MySQL vulnerabilities

2010-11-15 Thread Johan De Meersman
ass jar" and YOU are the ONLY user on it. Even > then, YOUR account could be compromised too. > > -Original Message- > From: Jan Steinman [mailto:j...@bytesmiths.com] > Sent: Saturday, November 13, 2010 1:33 PM > To: mysql@lists.mysql.com > Subject: RE: FW: [USN-1017-

RE: FW: [USN-1017-1] MySQL vulnerabilities

2010-11-14 Thread Daevid Vincent
ss jar" and YOU are the ONLY user on it. Even then, YOUR account could be compromised too. -Original Message- From: Jan Steinman [mailto:j...@bytesmiths.com] Sent: Saturday, November 13, 2010 1:33 PM To: mysql@lists.mysql.com Subject: RE: FW: [USN-1017-1] MySQL vulnerabilities > Fr

RE: FW: [USN-1017-1] MySQL vulnerabilities

2010-11-13 Thread Jan Steinman
> From: "Daevid Vincent" > > my point exactly. there is NONE. and if you don't patch your mysql as > needed, then you will need a lot more help when you're hacked. ;-p I note that the impact of every single one of these vulnerabilities was "An authenticated user could exploit this to make MySQL

Re: FW: [USN-1017-1] MySQL vulnerabilities

2010-11-13 Thread Rob Wultsch
On Fri, Nov 12, 2010 at 3:23 PM, Gael wrote: > On Fri, Nov 12, 2010 at 4:12 PM, Daevid Vincent wrote: > >> my point exactly. there is NONE. and if you don't patch your mysql as >> needed, then you will need a lot more help when you're hacked. ;-p >> >> http://lists.mysql.com/ >> > On May 21 they

Re: FW: [USN-1017-1] MySQL vulnerabilities

2010-11-12 Thread Gael
On Fri, Nov 12, 2010 at 4:12 PM, Daevid Vincent wrote: > my point exactly. there is NONE. and if you don't patch your mysql as > needed, then you will need a lot more help when you're hacked. ;-p > > http://lists.mysql.com/ > > > > Daevid, You may want to read http://dev.mysql.com/tech-resources

RE: FW: [USN-1017-1] MySQL vulnerabilities

2010-11-12 Thread Daevid Vincent
2, 2010 12:18 PM To: Daevid Vincent Cc: mysql Subject: Re: FW: [USN-1017-1] MySQL vulnerabilities I suspect that that is because this is not a security list, but a general help list. If you want those things, you'll get them from either your vendor, bugtraq, or the mysql security-specific ma

Re: FW: [USN-1017-1] MySQL vulnerabilities

2010-11-12 Thread Johan De Meersman
I suspect that that is because this is not a security list, but a general help list. If you want those things, you'll get them from either your vendor, bugtraq, or the mysql security-specific mailing list that undoubtedly exists somewhere. Don't ask me where, though - I'm not on it either :-) On

FW: [USN-1017-1] MySQL vulnerabilities

2010-11-12 Thread Daevid Vincent
How come these kinds of notices are not sent to the mysql list? I realize this particular one is from Ubuntu, but the vulnerability is not ubuntu specific, it's mysql. Why aren't the mysql, er um, Oracle people more pro-active about letting us know these things? -Original Message- From: u