From: Jan Steinman
Date: November 16 2010 4:59pm
Subject: Re: FW: [USN-1017-1] MySQL vulnerabilities
List-Archive: http://lists.mysql.com/mysql/223587

You seem to see threats as a "black and white" problem. Put enough "what ifs" in front of a statement, and nothing anywhere has any security at all.

On 15 Nov 10, at 23:30, mysql-digest-help@stripped wrote:

> From: "Daevid Vincent"
> Date: 14 November 2010 13:22:02 PST
> To:
> Subject: RE: FW: [USN-1017-1] MySQL vulnerabilities
>
> I don't think you understand how many exploits work. Through some social
> engineering or plain brute force or rainbow tables I can get the user/pass
> for many typical users. I could also give you some code and tell you to run
> it and thereby my code is executed as an "authenticated user" without you
> even knowing it. And here's another statistic you might not be aware of --
> most "hacking" attempts are done BY people INSIDE a company, not external to
> it. It's extremely foolish and short-sighted to think that your system is
> safe unless it's in a "glass jar" and YOU are the ONLY user on it. Even
> then, YOUR account could be compromised too.

----------------
Thought is the sculptor who can create the person you want to be. -- Henry David Thoreau
:::: Jan Steinman, EcoReality Co-op ::::