To: mysql@lists.mysql.com
Subject: RE: FW: [USN-1017-1] MySQL vulnerabilities
I don't think you understand how many exploits work. Through some social
engineering or plain brute force or rainbow tables I can get the user/pass
for many typical users. I could also give you some code and tell you
.
-Original Message-
From: Jan Steinman [mailto:j...@bytesmiths.com]
Sent: Saturday, November 13, 2010 1:33 PM
To: mysql@lists.mysql.com
Subject: RE: FW: [USN-1017-1] MySQL vulnerabilities
From: Daevid Vincent dae...@daevid.com
my point exactly. there is NONE. and if you don't
then, YOUR account could be compromised too.
-Original Message-
From: Jan Steinman [mailto:j...@bytesmiths.com]
Sent: Saturday, November 13, 2010 1:33 PM
To: mysql@lists.mysql.com
Subject: RE: FW: [USN-1017-1] MySQL vulnerabilities
From: Daevid Vincent dae...@daevid.com
my point exactly
On Fri, Nov 12, 2010 at 3:23 PM, Gael gael.marti...@gmail.com wrote:
On Fri, Nov 12, 2010 at 4:12 PM, Daevid Vincent dae...@daevid.com wrote:
my point exactly. there is NONE. and if you don't patch your mysql as
needed, then you will need a lot more help when you're hacked. ;-p
From: Daevid Vincent dae...@daevid.com
my point exactly. there is NONE. and if you don't patch your mysql as
needed, then you will need a lot more help when you're hacked. ;-p
I note that the impact of every single one of these vulnerabilities was An
authenticated user could exploit this to
How come these kinds of notices are not sent to the mysql list? I realize
this particular one is from Ubuntu, but the vulnerability is not ubuntu
specific, it's mysql. Why aren't the mysql, er um, Oracle people more
pro-active about letting us know these things?
-Original Message-
From:
I suspect that that is because this is not a security list, but a general
help list. If you want those things, you'll get them from either your
vendor, bugtraq, or the mysql security-specific mailing list that
undoubtedly exists somewhere. Don't ask me where, though - I'm not on it
either :-)
On
:18 PM
To: Daevid Vincent
Cc: mysql
Subject: Re: FW: [USN-1017-1] MySQL vulnerabilities
I suspect that that is because this is not a security list, but a general
help list. If you want those things, you'll get them from either your
vendor, bugtraq, or the mysql security-specific mailing list
On Fri, Nov 12, 2010 at 4:12 PM, Daevid Vincent dae...@daevid.com wrote:
my point exactly. there is NONE. and if you don't patch your mysql as
needed, then you will need a lot more help when you're hacked. ;-p
http://lists.mysql.com/
Daevid,
You may want to read