Security - Channel Insider

Empowering the next generation Channel

Home

Security

Sun.com, MySQL.com Hacked, SQL Injection Attack

[ci] deep dives:

Managed Services Distribution Careers Linux and Unix Computer Networking Printers Security SMB Partner Storage Surveys Solution Builder Messaging/Collaboration Dell Reseller Microsoft Partner

Sun.com, MySQL.com Hacked, SQL Injection Attack

in Security

DATE: 2011-03-30 | By Channel Insider Staff

Article Rating:

/ 2
Article Views: 4517

More Security Coverage

<<Previous Security News Next Security News >>

Hackers were able to expose database names and email addresses at MySQL.com and Sun.com.

Rate This Article:

Add This Article To:

Digg this

Del.icio.us

Slashdot

Y! My Web

E-mail

Furl

Google

Simpy

Spurl!

PDF Version

The same hackers who exposed all the databases running on MySQL.com attacked Sun.com.

The Rumanian hackers, “TinKode” and “Ne0h” compromised two Sun subdomains, including www.reman.sun.com and www.ibb.sun.com, according to a blog post on March 27. Using a SQL injection attack, TinKode was able to obtain table names, column names and email addresses stored in one of the tables. It’s not clear at this point whether TinKode compromised any passwords on the Sun.com site or if this information is being held back for some reason.

TinKode has been busy in recent days going after MySQL databases. According to TinKode’s Bay Words blog, TinKode used the SQL injection attack on MySQL.com March 27 and on ESET’s Rumanian page March 20.

The problem was not with the open-source database software, but with the way the Website was coded, Chester Wisniewski, a Sophos senior security advisor, wrote on the Naked Security blog.

In the blind SQL injection attack on MySQL.com, the same hackers managed to expose database names, tables, columns, user accounts and passwords. Along with administrator passwords for the databases, the hackers managed to expose WordPress blog passwords that had been stored in the tables.

It’s not clear whether the same vulnerability existed on both sites. SQL injection vulnerabilities allow remote attackers to compromise databases through the Website by inserting malicious SQL code into input fields, such as Web forms. If the application doesn’t handle the code correctly, it is passed to the database, which executes the command and returns the results to the browser for the attacker to see.

"Auditing your Websites for SQL injection is an essential practice, as well as using secure passwords," Wisniewski wrote. "Either can lead you down a road that ends in tears."

Both MySQL.com and Sun.com have a number of unfixed cross-site-scripting vulnerabilities on their sites, according to XSSed.com, where security researchers and hackers submit found XSS flaws. Both domains had issues that were discovered as recently as January. It is not clear if attackers combined the XSS flaws with the SQL injection attacks.

For more, read the eWEEK article: Oracle's Sun.com Hit Along with MySQL.com in SQL Injection Attack.

comments dic



	>>> More Security Articles >>> More By Channel Insider Staff

Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article

Follow @ChannelInsider
< Prev | Next >

about 6 hours agoAssessing the Impact of HP Layoffs - HP needs channel partners to help put some distance between it all the drama ... http://t.co/2H0Gq8HJ
about 8 hours agoThin Client Opportunity Gets Richer for the Channel - IT organizations are rethinking client strategy in the age of ... http://t.co/JxUbh24m
May 23rd 4:38 PMPutting a Channel Face on the Cloud - Amazon, Google and others may leverage the channel to compete more aggressivel... http://t.co/RUeo9iT5
May 22nd 10:41 PMExpanding the Reach and Scope of Desktop Virtualization - VMware moves to acquire Wanova - VMware has set out to ... http://t.co/Ad020fhT
May 22nd 8:58 PMConsidering the IBM Watson Possibilities - IBM looks to the channel to help find new use cases for cognitive computi... http://t.co/CAljVbac
May 22nd 8:54 AMVariations on a Cloud Storage Theme in the Channel - EMC expands focus on the cloud via a channel that is wrestling ... http://t.co/MORSpkkb
May 21st 10:43 AMRightsizing the Cloud Service Provider - Cloudbursting will alter the way the channel thinks about cloud computing i... http://t.co/eZ33qdKE
May 17th 6:39 PMThe Future of IT Services - Automated managed services are transforming the way IT services are delivered - Histo... http://t.co/w4zvAS8u
May 17th 12:39 PMRising to the Cloud Application Management Challenge - BetterCloud previews management tool for Google Apps environm... http://t.co/KzhO7FlP
May 16th 11:00 AMPlaying the IT Services Name Game - HP expands ability of partners to deliver branded services as part of effort to ... http://t.co/XU3QOnKz

[ci] feeds

Add Channel News, Product Reviews, Trends and Analysis to your RSS newsreader or My Yahoo!

CHANNEL SPONSORED RESOURCE CENTER

Start the New Year with business intelligence—it’s a smart move
Join us on February 1 for an encore rebroadcast at either 5 am or 12 noon EST and discover how business intelligence (BI) supports companies in uncertain business and economic climates. Get expert advice on how to create a strategy that fits your organization's needs and budget and see how quickly it can pay for itself.
Click Here

Security and Availability Essentials for Running Your Business in the Cloud
Are you moving to the cloud? Find out what every IT professional should know about security and availability before moving to the cloud. Hear what a security provider’s own CSO has to say.
Watch Video

New Tool Analyzes Data Without Bias

A new algorithm automatically identifies relationships between variables to help reduce researcher prejudice.
Click Here

Channel Insider:

Security:
Network Security
Enterprise Networking
Infrastructure Security
How To: Data
IT Security News
Security Watch Blog
Secure Channel Blog

Storage:
Data Storage
Cloud Storage
Storage Virtualization
Network Access Storage
Storage Reviews
Data Storage News
How To: Storage
Storage Station Blog

Computing:
Apple OSX
Linux Systems
Windows Vista
Managed Print Services
Cloud Computing
Computer Reviews
Microsoft Watch Blog
Apple Watch Blog
Google Watch Blog

Communications:
VoIP Solutions
Wireless Technology
Messaging Software
Web Services
Mobile Applications
Wireless News
Mobile Reviews

Apps & Development:
Application Development
SAAS
Search Engines
Database Software
Web 2.0
IT Project Management
Emerging Tech Blog
CIO Insight Blogs
CIOs

Vertical Markets:
Federal Government IT
Health Care IT
Finance IT
Mid-Market
Channel and VARs
Careers Blog
Value Added Resellers

More eWeek Links:
Green Computing Center
Tech Knowledge Center
Tech Newsletters
Tech RSS Feeds
White Papers
Tech Podcasts
Tech Videos
Complementary Magazine Subscriptions

Enterprise Websites:
ZDE Home
eWeek
Baseline Magazine
Channel Insider
CIO Insight
eSeminars and Events
Publish Online
Web Buyers Guide

Developer Websites:
Microsoft DevSource
Dev Shed
DeveloperShed
ASP Free
SEO Chat
Codewalkers
Tutorialized
Scripts.com
Dev Mechanic
Dev Articles
Web Hosters
Dev Hardware

Technology Websites:
Device Forge
Desktop Linux
Linux Devices
Windows for Devices
PDF Zone
Linux Watch
TechDirect
Smarter Technology

Use of this site is governed by our Terms of Use and Privacy Policy
Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
eWeek is your best source for the latest Technology News.
ZDE Cluster 8

Sun.com, MySQL.com Hacked, SQL Injection Attack

More Security Coverage

Hackers were able to expose database names and email addresses at MySQL.com and Sun.com.

Related Content

Follow @ChannelInsider < Prev | Next >

Follow @ChannelInsider
< Prev | Next >