  #1  
28 Mar 2011, 22:23
Paul M
Join Date: Sep 2004
Real name: Paul M
MySQL.com compromised

MySQL.com got hit by a SQL Injection attack, resulting in account passwords being compromised.

http://blog.sucuri.net/2011/03/mysql...mpromised.html
__________________
Former vBulletin.org Staff Member


Cable Forum
Please do not PM me about custom work - I no longer undertake any.
Note: I will not answer support questions via e-mail or PM - please use the relevant thread or forum.
  #2  
28 Mar 2011, 22:25
HMBeaty
Join Date: Sep 2005
Real name: Brooks
Oh that's lovely...
__________________
"Our greatest weakness lies in giving up. The most certain way to succeed is always to try just one more time!"
"It's important to only think about what you desire, not what you fear to achieve your ultimate goal!!"
  #3  
28 Mar 2011, 22:29
Boofo
Join Date: Mar 2002
Real name: Rob
Do we have to worry about this for our sites now?
  #4  
28 Mar 2011, 22:37
BirdOPrey5
Join Date: Jun 2008
Real name: Joe D.
This is only a problem if you had an account on mysql.com. If you did, your password may be compromised.

These attacks on major sites seem to be becoming more and more common.

I hate to admit but I used to just use 1 secure password across multiple sites, but now that sites are getting compromised I've changed to very secure random passwords unique to every site - which is what everyone should have been doing all along but is just impractical.

Now I need a password manager to manage them all. So I have to keep that backed up in 3 places with its own very secure password. :banghead:
__________________
-Joe
Former vb.org Moderator. Retired.

@BirdOPrey5 | All Things BOP5 | Joe's Ultimate Off Topic
Note - I am no longer making new VB mods, sorry.
  #5  
28 Mar 2011, 22:41
Boofo
Join Date: Mar 2002
Real name: Rob
I have no account there so I am in the clear.

Like you, I use different passwords on all sites I am signed up on. I use a password maker that randomly makes 10 character passwords so it is fairly secure. Since I use Opera and Roboform (in IE and FF), backing up the password files is fairly easy.
  #6  
28 Mar 2011, 22:50
BirdOPrey5
Join Date: Jun 2008
Real name: Joe D.
I'm looking at Roboform's website but I can't tell what I need. Do I need the "everywhere", do I need the desktop/laptop, or do I need both? Obviously I want to use it on my laptop and any other computer I may have...

But if I upload all my passwords to them, and they get hacked, it seems like I'm in a worse position than ever.
  #7  
28 Mar 2011, 23:05
Boofo
Join Date: Mar 2002
Real name: Rob
The everywhere version is where you upload them to an account that you can access them from any computer. I don't trust them being out there on the net somewhere.

The Desktop version is the one I use and it stores it all on my system. I have the passwords directory set to my backup D: drive so I don't have to worry about saving them as they are not on the windows drive.

The best version to have, in my opinion, is the desktop version. The portable version is nice if you are constantly accessing the net from different computers away from home, but I only access the net from home, so no biggie for me.
  #8  
28 Mar 2011, 23:15
BirdOPrey5
Join Date: Jun 2008
Real name: Joe D.
Thanks... checking out LastPass now too. I currently use http://pwsafe.org/ - it's free and open source but pretty basic.
  #9  
28 Mar 2011, 23:26
Boofo
Join Date: Mar 2002
Real name: Rob
I looked at LastPass and picked Roboform because it was so much better in my opinion. And it has been around a lot longer, too, IIRC. I've been a registered user of Roboform since 2004.

Last edited by Boofo; 28 Mar 2011 at 23:31.
  #10  
29 Mar 2011, 13:30
Princeton
Join Date: Nov 2001
Real name: Joe Velez
RoboForm Everywhere is handy if you have multiple computers/laptop.
__________________
Former vBulletin.org Staff Member

Latest Articles:
Liquid Layout = Less Ad Revenue?
How to Monetize Your Site
Improve Web Page Performance
How To Write For The Web


If it needs instructions, there's room for improvement.
Give users what they actually want, not what they say they want. And whatever you do, don't give them new features just because your competitors have them!
  #11  
29 Mar 2011, 18:37
Boofo
Join Date: Mar 2002
Real name: Rob
Originally Posted by Princeton:
RoboForm Everywhere is handy if you have multiple computers/laptop.
Handy, yes. Safe? Not so sure. What happens when the place you upload all your passwords to gets hacked?
  #12  
29 Mar 2011, 20:27
Princeton
Join Date: Nov 2001
Real name: Joe Velez
I believe the passwords are encrypted - the same applies to their RoboForm2Go version.
  #13  
29 Mar 2011, 20:44
Boofo
Join Date: Mar 2002
Real name: Rob
RoboForm2Go is their portable version so the passwords do not get uploaded to their servers.
  #14  
29 Mar 2011, 20:51
Brandon Sheley
Join Date: Mar 2005
Real name: Brandon
oh my..


What is worse is that they also posted the password dump online and some people started to crack it already. Some of the findings are pretty bad, like the password used by MySQL’s Director of Product Management, it is only 4 numbers long. Multiple admin passwords for blogs.mysql.com were also posted.
__________________

Email me for website help: brandon[at]sheley[dot]org
  #15  
29 Mar 2011, 21:36
TNCclubman
Join Date: Sep 2008
Can't wait for the world to be cloud computing. Password stealing is going to seem like a waste of time compared to getting your hands on everyone's full data storage.
All times are GMT.