Linked by Thom Holwerda on Mon 26th Sep 2011 22:25 UTC, submitted by HAL2001
Privacy, Security, Encryption Well, this is embarrassing. MySQL.com has been hacked (fixed by now), and was turned into a platform serving malware to unsuspecting visitors. The criminals did this by injecting a script which redirected visitors to a website which uses the BlackHole exploit pack, which probes the browser used and serves up an appropriate exploit. Computer security blogger Brian Krebs saw root access to MySQL.com being offered for $3000 only a few days ago.
Thread beginning with comment 490903
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: IE 9 will block this.
by Gullible Jones on Tue 27th Sep 2011 12:49 UTC in reply to "IE 9 will block this."
Gullible Jones
Member since:
2006-05-23

XSS blocking != wholesale Javascript blocking. Though last I checked it is possible to get Noscript-like functionality on IE using Proxomitron.

(And IIRC Chrome does include some measures against XSS, just not as many as Noscript.)

IE 8 and 9 are sandboxed on Windows Vista and 7 though, if you enable UAC. Not sure how effective that would be in this case. I personally wouldn't know, since I never use IE - I find the user interface annoying.

Reply Parent Score: 2