You seem to see threats as a "black and white" problem. Put enough "what ifs" in front of
a statement, and nothing anywhere has any security at all.
On 15 Nov 10, at 23:30, mysql-digest-help@stripped wrote:
> From: "Daevid Vincent" <daevid@stripped>
> Date: 14 November 2010 13:22:02 PST
> To: <mysql@stripped>
> Subject: RE: FW: [USN-1017-1] MySQL vulnerabilities
>
>
> I don't think you understand how many exploits work. Through some social
> engineering or plain brute force or rainbow tables I can get the user/pass
> for many typical users. I could also give you some code and tell you to run
> it and thereby my code is executed as an "authenticated user" without you
> even knowing it. And here's another statistic you might not be aware of --
> most "hacking" attempts are done BY people INSIDE a company, not external to
> it. It's extremely foolish and short-sighted to think that your system is
> safe unless it's in a "glass jar" and YOU are the ONLY user on it. Even
> then, YOUR account could be compromised too.
----------------
Thought is the sculptor who can create the person you want to be. -- Henry David Thoreau
:::: Jan Steinman, EcoReality Co-op ::::
