vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Community Lounge (https://vborg.vbsupport.ru/forumdisplay.php?f=13)
-   -   MySQL.com compromised (https://vborg.vbsupport.ru/showthread.php?t=261097)

Paul M 03-28-2011 09:23 PM
MySQL.com compromised
 
MySQL.com got hit by a SQL Injection attack, resulting in account passwords being compromised.

http://blog.sucuri.net/2011/03/mysql...mpromised.html

HMBeaty 03-28-2011 09:25 PM
Oh that's lovely...

Boofo 03-28-2011 09:29 PM
Do we have to worry about this for our sites now?

BirdOPrey5 03-28-2011 09:37 PM
This is only a problem if you had an account on mysql.com. If you did your password may be compromised.

These attacks on major sites seem to becoming more and more common.

I hate to admit but I used to just use 1 secure password across multiple sites, but now that sites are getting compromised I've changed to very secure random passwords unique to every site- which is what everyone should have been doing all along but is just impractical.

Now I need a password manager to manage them all. So i have to keep that backed up in 3 places with it's own very secure password. :banghead:

Boofo 03-28-2011 09:41 PM
I have no account there so I am in the clear.

Like you, I use different passwords on all sites I am signed up on. I use a password maker that randomly makes 10 character passwords so it is fairly secure. Since I use Opera and Roboform (in IE and FF), backing up the password files is fairly easy.

BirdOPrey5 03-28-2011 09:50 PM
I'm looking at Roboform's website but I can't tell what I need. Do i need the "everywhere" do I need the deaktop/laptop or do I need both? Obviously I want to use it on my laptop and any other computer I may have...

But if I upload all my passwords to them, and they get hacked, it seems like I'm in a worse position than ever.

Boofo 03-28-2011 10:05 PM
The everywhere version is where you upload them to an account that you can access them from any computer. I don't trust them being out there on the net somewhere.

The Desktop version is the one I use and it stores it all on my system. I have the passwords directory set to my backup D: drive so I don't have to worry about saving them as they are not on the windows drive.

The best version to have, in my opinion is the desktop version. The portable version is nice if you are constantly accessing the net from different computers away from home, but I only access the net from home, so no biggie for me.

BirdOPrey5 03-28-2011 10:15 PM
Thanks... checking out LastPass now too. I currently use http://pwsafe.org/ - it's free and open source but pretty basic.

Boofo 03-28-2011 10:26 PM
I looked at LastPass and picked Roboform because it was so much better in my opinion. And it has been around a lot longer, too, IIRC. I've been a registered user of Roboform since 2004. ;)

Princeton 03-29-2011 12:30 PM
RoboForm Everywhere is handy if you have multiple computers/laptop.

Boofo 03-29-2011 05:37 PM
Quote:
Originally Posted by Princeton (Post 2178713)
RoboForm Everywhere is handy if you have multiple computers/laptop.
Handy, yes. Safe? Not so sure. What happens when the place you upload all your passwords to gets hacked?

Princeton 03-29-2011 07:27 PM
I believe the passwords are encrypted - the same applies to their RoboForm2Go version.

Boofo 03-29-2011 07:44 PM
RoboForm2Go is their portable version so the passwords do not get uploaded to their servers.

Brandon Sheley 03-29-2011 07:51 PM
oh my..


Quote:
What is worse is that they also posted the password dump online and some people started to crack it already. Some of the findings are pretty bad, like the password used by MySQL’s Director of Product Management, it is only 4 numbers long. Multiple admin passwords for blogs.mysql.com were also posted.

TNCclubman 03-29-2011 08:36 PM
Cant wait for the world to be cloud computing. Password stealing is going to seem like a waste of time compared to getting your hands on everyones full data storage.

BirdOPrey5 03-29-2011 10:49 PM
Quote:
Originally Posted by Princeton (Post 2178832)
I believe the passwords are encrypted - the same applies to their RoboForm2Go version.
My concern is, if there was a way to store passwords to be uncrackable, websites would just use that to store their passwords to begin with, no? Why would one have better encryption than the other?

Boofo 03-29-2011 11:06 PM
Quote:
Originally Posted by TNCclubman (Post 2178851)
Cant wait for the world to be cloud computing. Password stealing is going to seem like a waste of time compared to getting your hands on everyones full data storage.
Cloud computing will only make things worse. Then almost everything will be stored online for hackers to try and get access to.

cellarius 04-15-2011 10:05 AM
Quote:
Originally Posted by BirdOPrey5 (Post 2178541)
Thanks... checking out LastPass now too. I currently use http://pwsafe.org/ - it's free and open source but pretty basic.
I use Keefox (free) and syncronize the encrypted data file over dropbox. For FF i use the Keefox extension. Advantage: I use it for all kinds of client side passwords, too (serials, passwords for online banking etc.). The auto insertion works not only for browsers.

Brandon_R 05-15-2011 08:31 PM
Ironic but i hope they fix it. MYSQL is very nice.

Rafa-el 05-16-2011 02:41 AM
Quote:
Originally Posted by Boofo (Post 2178908)
Cloud computing will only make things worse. Then almost everything will be stored online for hackers to try and get access to.
+1

It means that if they get access to the cloud they will access to your whole life, and more than that, access to everybody's lifes!

05-16-2011 03:20 AM
Can't beat using random 15 character passwords on all sites, and then simply saving it into a .txt file.

Sure...it takes a few times after seeing it until you actually remember it, so you have to look in the .txt file a bunch,
but for us security freaks. It's worth it. :)

Xtrato 05-16-2011 04:45 AM
finger scanner .............

cellarius 05-16-2011 05:39 AM
Quote:
Originally Posted by Cweener (Post 2196215)
Can't beat using random 15 character passwords on all sites, and then simply saving it into a .txt file.

Sure...it takes a few times after seeing it until you actually remember it, so you have to look in the .txt file a bunch,
but for us security freaks. It's worth it. :)
A txt file? Honestly? Great security concept. How hard is your computer to break into? At least use a good password safe that uses a local encrypted database! (Keefox comes to mind, it's open source, too)


All times are GMT. The time now is 05:23 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03275 seconds
  • Memory Usage 1,758KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (7)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (23)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete