Flaw
"It then uses a flaw in MySQL to run another type of program, known as bot software, which then takes full control of the system."

The author is wrong; he should have read his own link:
http://isc.sans.org//diary.php?date=2005-01-27

"This bot does not use any vulnerability in mysql. The fundamental weakness it uses is a weak 'root' account."

The weak MySQL root password and MySQL having to run as Admin under Windows is the problem. If MySQL could run under a limited account (as it does in other OSs) then the bot program could not be saved, executed, and take total control.

Again, the problem here is the weak security in Windows. Poor security in a single-user system, trying to emulate a secure multi-user system, is the flaw.
Posted by: dwest_z   Posted on: 01/27/05


