Trivial Password Flaw Leaves MySQL Databases Exposed

There is a trivially exploitable vulnerability in MySQL that enables an attacker to gain root access to the database server. The bug, which recently was patched, stems from an error in the way that MySQL and MariaDB handle passwords, giving an attacker a chance of getting root access by supplying any password to an affected server.

With LinkedIn: The Bell Tolls For Simple Password Hashing

This week’s revelations about leaks of user passwords from the professional networking site LinkedIn, dating Web site and music site suggest that even tech-savvy firms are slow to accept that hashes -a once-reliable technology for storing data online – now offer scant protection for sensitive data.

Claims surfaced earlier this week that the French security firm VUPEN, which is known for selling zero-day vulnerabilities to third parties, had been compromised and more than 100 of the company’s secret bugs had been leaked. However, VUPEN’s CEO said that the claims were totally false and there was no hack, let alone a leak of the company’s vulnerability inventory.

The past week has brought to light more revelations about the mysterious Flame (or sKyWIper) worm that was first identified at the end of May. Among them: the eye-popping admission from Microsoft that the malware’s authors found a way to use that company’s Windows Update feature to distribute the malware.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.