MySQL.com has been compromised and is spreading malware. This was first spotted by the folks over at Armorize. It looks like a piece of JavaScript on mysql.com contained an obfuscated iframe link which in turn sent the user to the malicious content, the Blackhole exploit kit. A torrent of exploits then hit the user's browser, PDF component, Java, etc. The issue has now been cleaned up on mysql.com, but there is no further word on the scope of the compromise. This also appears to be the second time this year: in the last incident, SQL injection was used to gain access to information on the site.
Jason (93 Posts, ISC Handler), Sep 26th 2011
I particularly like how Oracle hasn't put a single mention of what happened on the site. Not on the home page and not in the news section.
This total denial through silence is getting to be too common.
Anonymous
Sep 27th 2011
I agree with Oracle; why glorify the incident for those that hacked the site?
Anonymous
Sep 27th 2011
On the other hand, why bother warning the middle- and upper-management types who might want to browse mysql.com to find out what that MySQL thingy those IT types are always on about around the water cooler?
No Love. (37 Posts)
Sep 27th 2011
What about all of the people who visit the site and may be infected? The ethical thing to do is let everyone know what happened and when, so if they had visited the site during that time they can make sure their system hasn't been compromised.
Anonymous
Sep 27th 2011
This is a very dangerous break-in considering that the people visiting the site might be SQL administrators for various companies and organizations. It wouldn't take much for a rogue keylogger on a SQL administrator's machine to do damage to a company's internal data security.
Robert (1 Post)
Sep 27th 2011
This has nothing to do with "glorifying the incident." It has to do with Oracle ignoring or minimizing the risk they cause. It's no different than when they modify the CVSS scores with their own formula just to lower the risk number.
Anonymous
Sep 27th 2011