List:General Discussion« Previous MessageNext Message »
From:Jan Steinman Date:November 16 2010 4:59pm
Subject:Re: FW: [USN-1017-1] MySQL vulnerabilities
View as plain text  
You seem to see threats as a "black and white" problem. Put enough "what ifs" in front of
a statement, and nothing anywhere has any security at all.

On 15 Nov 10, at 23:30, mysql-digest-help@stripped wrote:

> From: "Daevid Vincent" <daevid@stripped>
> Date: 14 November 2010 13:22:02 PST
> To: <mysql@stripped>
> Subject: RE: FW: [USN-1017-1] MySQL vulnerabilities
> I don't think you understand how many exploits work. Through some social
> engineering or plain brute force or rainbow tables I can get the user/pass
> for many typical users. I could also give you some code and tell you to run
> it and thereby my code is executed as an "authenticated user" without you
> even knowing it. And here's another statistic you might not be aware of --
> most "hacking" attempts are done BY people INSIDE a company, not external to
> it. It's extremely foolish and short-sighted to think that your system is
> safe unless it's in a "glass jar" and YOU are the ONLY user on it. Even
> then, YOUR account could be compromised too.

Thought is the sculptor who can create the person you want to be. -- Henry David Thoreau
:::: Jan Steinman, EcoReality Co-op ::::

FW: [USN-1017-1] MySQL vulnerabilitiesDaevid Vincent12 Nov
  • Re: FW: [USN-1017-1] MySQL vulnerabilitiesJohan De Meersman12 Nov
    • RE: FW: [USN-1017-1] MySQL vulnerabilitiesDaevid Vincent12 Nov
      • Re: FW: [USN-1017-1] MySQL vulnerabilitiesGael12 Nov
        • Re: FW: [USN-1017-1] MySQL vulnerabilitiesRob Wultsch13 Nov
RE: FW: [USN-1017-1] MySQL vulnerabilitiesJan Steinman13 Nov
  • RE: FW: [USN-1017-1] MySQL vulnerabilitiesDaevid Vincent14 Nov
    • Re: FW: [USN-1017-1] MySQL vulnerabilitiesJohan De Meersman15 Nov
Re: FW: [USN-1017-1] MySQL vulnerabilitiesJan Steinman16 Nov