Re: FW: [USN-1017-1] MySQL vulnerabilities

2010-11-16 Thread Jan Steinman
To: mysql@lists.mysql.com Subject: RE: FW: [USN-1017-1] MySQL vulnerabilities I don't think you understand how many exploits work. Through some social engineering or plain brute force or rainbow tables I can get the user/pass for many typical users. I could also give you some code and tell you

Re: FW: [USN-1017-1] MySQL vulnerabilities

2010-11-15 Thread Johan De Meersman
. -Original Message- From: Jan Steinman [mailto:j...@bytesmiths.com] Sent: Saturday, November 13, 2010 1:33 PM To: mysql@lists.mysql.com Subject: RE: FW: [USN-1017-1] MySQL vulnerabilities From: Daevid Vincent dae...@daevid.com my point exactly. there is NONE. and if you don't

RE: FW: [USN-1017-1] MySQL vulnerabilities

2010-11-14 Thread Daevid Vincent
then, YOUR account could be compromised too. -Original Message- From: Jan Steinman [mailto:j...@bytesmiths.com] Sent: Saturday, November 13, 2010 1:33 PM To: mysql@lists.mysql.com Subject: RE: FW: [USN-1017-1] MySQL vulnerabilities From: Daevid Vincent dae...@daevid.com my point exactly

Re: FW: [USN-1017-1] MySQL vulnerabilities

2010-11-13 Thread Rob Wultsch
On Fri, Nov 12, 2010 at 3:23 PM, Gael gael.marti...@gmail.com wrote: On Fri, Nov 12, 2010 at 4:12 PM, Daevid Vincent dae...@daevid.com wrote: my point exactly. there is NONE. and if you don't patch your mysql as needed, then you will need a lot more help when you're hacked. ;-p

RE: FW: [USN-1017-1] MySQL vulnerabilities

2010-11-13 Thread Jan Steinman
From: Daevid Vincent dae...@daevid.com my point exactly. there is NONE. and if you don't patch your mysql as needed, then you will need a lot more help when you're hacked. ;-p I note that the impact of every single one of these vulnerabilities was An authenticated user could exploit this to

Re: FW: [USN-1017-1] MySQL vulnerabilities

2010-11-12 Thread Johan De Meersman
I suspect that that is because this is not a security list, but a general help list. If you want those things, you'll get them from either your vendor, bugtraq, or the mysql security-specific mailing list that undoubtedly exists somewhere. Don't ask me where, though - I'm not on it either :-) On

RE: FW: [USN-1017-1] MySQL vulnerabilities

2010-11-12 Thread Daevid Vincent
:18 PM To: Daevid Vincent Cc: mysql Subject: Re: FW: [USN-1017-1] MySQL vulnerabilities I suspect that that is because this is not a security list, but a general help list. If you want those things, you'll get them from either your vendor, bugtraq, or the mysql security-specific mailing list

Re: FW: [USN-1017-1] MySQL vulnerabilities

2010-11-12 Thread Gael
On Fri, Nov 12, 2010 at 4:12 PM, Daevid Vincent dae...@daevid.com wrote: my point exactly. there is NONE. and if you don't patch your mysql as needed, then you will need a lot more help when you're hacked. ;-p http://lists.mysql.com/ Daevid, You may want to read